Cybercrime is one of the biggest manmade risks we are facing this century, with businesses all over the world at risk – including in Denmark. With the frequency and severity of these attacks increasing, businesses need a robust, well-developed plan in place to survive a cyber crisis, including understanding their most valued assets, and making sure that they are fully protected. That includes having insurance in place for when things go wrong. These were the key outcomes from the Lloyd’s Cyber Seminar which took place in Copenhagen last week, in the wake of the WannaCry ransomware attack.
The latest in a growing series of global cyber-attack, the WannaCry attack affected more than 200,000 organisations in 150 countries. While the full costs and long term impact are unlikely to become clear for some time, this shows that many organisations – not just the public sector – are unable to build a security wall that would protect them from such attacks. A small vulnerability can be a gateway for malicious actors to exploit.
Building cyber resilience can be particularly complex in Denmark – a hotbed for technological innovation that’s highly dependent on the internet and digital services. A Danish Defence Intelligence Service report recently highlighted the severity of the cyber threat against Denmark, with the main threat originating from state-sponsored cyber espionage and from cybercrime.
Lloyd’s own research with senior Danish business leaders revealed that 93% of Danish businesses have experienced a data breach in the past five years. However, worryingly, only 43% were concerned that they would be affected again. These findings highlight the false sense of security that permeates every business.
And it is not only a company’s data which is at stake - reputational damage and even life can be at risk. According to cyber expert Christian Hammer, from the Danish National Cyber Crime Centre, WannaCry also marks a change among hacker attacks as the “hacker codex” to never put life at risk and to always work under radar have both been discarded.
In a world where it’s a matter of “when, not if” a company suffers a cyberattack, how should businesses prepare?
Here are three things that Danish businesses should do to help them survive this fast moving threat:
- Understand your most valuable assets: businesses are used to assessing their tangible assets, such as property, but have less confidence when it comes to intangible assets such as data and reputation. Understand what your most valuable assets are and what you will need to protect in case you’re compromised.
- Have a plan in place: once you understand your assets and vulnerabilities get the right people in the room to establish and implement a cyber risk strategy. This should not only be the responsibility of the IT team – it needs to be a priority across the organisation, and include IT, security, legal, communications, all the way to the boardroom.
- Make sure you cover all bases: in the wake of WannaCry, businesses need to realise that investments in a competent IT department should not conflict with the necessity of being properly insured in case of a breach. As cyber is an ever evolving threat, businesses can’t prevent breaches taking place – upgrading your IT system will only take you so far. Instead, it is about how you manage incidents and what measures you have in place to protect your business and importantly, your customers. Insurance can provide a critical role in helping businesses in this environment, not just in terms of cover for any financial losses, but for the support regarding meeting regulatory obligations and dealing with potential operational and reputational fall-outs.
According to Klaus Stubkjær Andersen, Partner at Riskpoint, a Lloyd’s coverholder: “This is a wakeup call for everyone. It is time for Danish business leaders to look beyond IT and consider the wide-ranging implications of the growing threat of cyber-crime. Keeping up to date with the pace of change is one of the biggest challenges when it comes to cyber risk, but it is something that governments, the business community and individuals around the world all need to do to ensure we are prepared for the consequences of cyber events.”
For more information on cyber insurance at Lloyd's, visit our cyber insurance pages.