Covid-19 has changed everything for insurance companies. There’s the fallout over rejected pandemic claims, processing millions of refunds for car insurance customers and then the working-from-home revolution, which looks set to sweep away much of the stuffy office culture that has underpinned the sector for decades.
One trend that many companies have seen is a strong surge in demand for cyber cover, and it isn’t hard to see why. As we become more dependent on the internet for the majority of financial transactions, shopping, GP consultations and more, it is essential that those web services function properly, with high levels of security.
Yakir Golan, CEO of Kovrr, published a blog post today that looks at the potential economic impact of a major cyber incident. It is well worth reading, as insurers need to specify EXACTLY what is, and isn’t, covered when the inevitable ‘black swan’ event occurs. Consider this: if a cyber attack not only causes a data breach that results in a GDPR fine and brand reputational damage, but also stops you from trading – just as Covid-19 restrictions are lifting – could your company survive?
This is why cyber insurance matters and the policy wording is crucial. Here’s the blog from Kovrr:
On March 10, 2020, information regarding a vulnerability in the Microsoft server message block (SMB) protocol was accidentally leaked. Microsoft SMB is a network communication protocol providing shared access to files, printers and serial ports on a network.
The vulnerability, known as SMBGhost and officially identified as CVE-2020-0796, only affected versions of Windows 10 and new Windows server versions. In just one day, security firm Kryptos Logic confirmed that based on its internet scans, there were approximately 48,000 vulnerable servers. Currently, Windows 10 runs on approximately 1 billion devices. By March 12, 2020, a patch was released and the vulnerability gone. All in all, no damage was done.
So, why is this vulnerability important?
In 2017, the NotPetya and WannaCry ransomware attacks shook the world and caused a total of $14 billion in economic damage. By November of 2018, the insurance and reinsurance industry loss caused by just NotPetya had surpassed $3 billion, and insured losses were predicted to grow by over 30% as the tail developed. While the attacks were initiated by different attackers, they shared the same exploit, EternalBlue, developed by the U.S. NSA and leaked by a hacker group.
EternalBlue is eerily similar to the new SMBGhost. The vulnerabilities allowed attackers to exploit the SMB protocol and could have led to remote code execution. Most notably, they allowed for an extremely high virality factor because the attack needed no human interaction to proliferate and had many reachable hosts from the internet. In the case of SMBGhost, we were lucky that the vulnerability was not exploited. Chances are, we won’t be as lucky next time — and the next cyber catastrophe could be around the corner.
Throughout my career in cyber modeling, artificial intelligence and risk management, my mission has been to increase awareness and knowledge of cyber risk to insurance professionals. Across the risk management value chain, from capital markets to reinsurers, insurers and enterprises, I believe risk professionals should be more prepared for the implications of a catastrophic cyber event.
When I examined cyber incidents from the last two decades, I saw an interesting trend around cyber incidents that affected a large set of businesses simultaneously: Attackers use blueprints that leverage similar types of vulnerabilities to launch highly distributed attacks. One of the reasons that these types of events reoccur stems from the fact that many companies around the world rely on similar technology and service providers to support business operations.