WannaCry: The lessons learned for insurance
Article – June 2017
The recent WannaCry ransomware attack has put into sharp focus the daily operational risks that face both the public and private sectors. The press spotlight in the UK was understandably on the NHS, but the effects were felt by the private sector too, and the cyber insurance market has responded accordingly. Indeed, the nature of the attack – its timing (on a Friday), its geographical reach over a broad range of industries and its apparent targeting of older operating systems – raises various issues for cyber insurers.
As appeared in Insurance Business, 2 June 2017
By: James Stanbury and Ben Hobby
The focus of the attack was initially reported as being on XP systems (introduced in 2001), but more recently it seems that a significant majority of attacks have been on Windows 7 operating systems, which were first released in 2009. Microsoft released a patch to fix the vulnerability in March this year, but it transpires that various organisations and companies had not applied it or were using operating systems that were no longer supported by Microsoft. This raises some concern as to how corporates’ senior management are prioritising cyber security as an operational risk and whether they are using their best endeavours to keep system security as up to date as possible. In turn, the insurance industry may seek to focus more, in its policy wordings, on warranties regarding the currency of software updates.