Brokers report surge in cyber demand

18/05/2017 06:55

Cyber insurance brokers reported a spike in calls from clients seeking cover following the WannaCrypt ransomware attack that hit 150 countries over the weekend.

An increasing number of firms and public agencies are worried about security vulnerabilities and seeking guidance to make sure they have appropriate cover, brokers told Reactions.

Chris Cotterell, chief executive of cyber and technology brokerage SafeOnline, said: “Just over the weekend we saw an uptick in enquiries.

“This will definitely trigger people to realise how exposed their businesses are. We’ve definitely seen a range of interesting claims and enquiries – some of the brokers have been highlighting the increase in capacity that could arise.

“I think the insurance industry has certainly got the means to respond to these things and remedy it,” Cotterell added.

The attack, which affected systems around the world, caused disruption for companies by encrypting infected computers and demanding $300 in bitcoin to restore files.

A WannaCrypt worm virus, which exploits a vulnerability in Microsoft’s server message block, hit firms including Deutsche Bahn, FedEx, Renault, Telefónica and China National Petroleum.

Andrea Garcia Beltran, cyber sales leader for Europe, Middle East and Africa at Aon Risk Solutions, said: “We’re really busy – we are seeing an increase in enquiries from prospective clients who were previously unsure if they need to take action.

“There has also been an increase in requests from existing clients checking whether business interruption (BI) is covered or not, and how much it will affect the market at large,” she added.

Japanese industrial group Hitachi said a number of its computers inside and outside Japan had been hit, while the ransomware attack forced French car manufacturer Renault to halt a number of its factories on Saturday.

In the UK the cyber attack hit one in five National Health Service England trusts, forcing hospitals to ask all but emergency patients to stay away.

Sarah Stephens, head of cyber, technology and media E&O, said JLT had noted a surge in enquiries and highlighted the need for cyber insurers to learn from firms covering kidnap and ransom.

“Right now this kind of event is widely available in the kidnap and ransom (K&R) market. The offering generally includes ransom costs, expenses, which include the cost of investigating an incident and consequent business interruption," she said.

“K&R policies and deductibles are so low that it’s very different with cyber policies. Cyber policies can see deductibles of between £25,000 and £50,000 compared with between £5000 and £0 for K&R.

“This can be a bit of a problem, because if clients buy coverage from the ransom market there’s always risk the coverage could just disappear. With cyber policies, however, the full consequences of ransomware attacks are fully covered,” she added.

The WannaCrypt virus is believed to exploit a bug once used by the National Security Agency to spy on the US intelligence agency's targets.

The firm’s internal tool codenamed Eternal blue was leaked online in April, putting the architecture of the hack in the public domain.