Globe Wireframe

Thought Leadership

Insights and analysis of the latest news and trends affecting the insurance and employee benefits industries

Back to Thought Leadership

Abandon hope if you neglect cyber security

31 August 2017

Europe's Lucifer heatwave grabbed headlines for hampering infrastructure last week, but a more enduring threat to the continent's logistics resurfaced earlier this summer. Ukraine, a flashpoint for European proxy struggles since its independence, suffered its third major cyberattack in the last two years in June. In contrast to the previous attacks, which targeted power grids and utility services, this one took down the national bank, multiple government sites, and public transportation networks, as well as the state power company. The "Petya" attacks on Ukraine occurred concurrently with "NotPetya" attacks elsewhere in Europe and around the world.

The incident highlighted two risk factors: the advancing sophistication of hackers, and their willingness to target entire sectors, cities, and even countries. This is not just a political problem, although Russia-backed hackers have aimed to embarrass Ukraine's beleaguered government. It is also a growing business risk. Sunil Vyas, Head of Global Markets at Axco Insurance Information Services, observed that "The attacks have big implications for insurers, apart from all the other chaos. [New cyber weapons] could make the [WannaCry ransomware thefts in May] seem lightweight."

Ukraine is not the only victim, with the UK, Australia and the US experiencing electronic assaults in recent months. Wired Magazine also reports that next generation malware can be embedded like sleeper cells in networks, and direct systems to turn upon themselves at will. Hackers have already experimented with penetrating voting systems and computers at utility companies in the US, prompting concern for countries with weaker digital protections.

Meanwhile, policy has lagged behind technology, although the US Congress voted to codify sanctions against Russia in July. The legislation penalises Russian industries for the country's activities in Ukraine as well as its targeted leaks during the 2016 US presidential election. The bill requires that the executive submit a report to Congress to justify requests for sanctions relief, increasing scrutiny of any parties that stand to benefit.

These sanctions will allow the US Congress to argue that it is addressing Russian aggression. They will not deter independent or state-sponsored hackers. Moreover, image-conscious corporate hacking victims are reluctant to disclose the scope of their losses. Although it is difficult to quantify the risk posed by criminals online, Munich Re projects that cyber security premiums could equal USD 10bn by 2020. In the meantime, check your insurance policies and log off before going home.