
The Art of Intrusion

The truth about the rise of CyberCrime.

Issue 18 - Autumn 2021

 

As the recent HSE ransomware attack cruelly demonstrated, any organisation is now fair game for cybercriminals to extract a bounty – regardless of the human cost. This year has already seen a significant increase in the number of ransomware attacks over 2020, itself a bumper year for cybercriminals. However, even before the lockdown arising from Covid-19 (and the increase in the number of people working from home, which resulted in more vulnerabilities in IT systems), it was already apparent that we had entered a golden age for cybercriminals. Sean O’Halloran (Associate) and Tara Cosgrove (Partner) of Beale & Co walk us through the current cybercrime landscape and how best to mitigate attacks.

 

So, what is cybercrime?

 

Cybercrime is a catch-all term that includes the following:

 

  • Ransomware – such as the HSE or AXA SA attack – where all users are locked out of an organisation’s IT system and access is only permitted upon payment of a ransom.
  • Phishing, whereby individuals or organisations are tricked into clicking links to fake websites to extract login details, etc. Between 2013 and 2015 it’s estimated that Facebook and Google together were scammed out of $100 million in an elaborate fake invoice scam.
  • Authorised push payment frauds, whereby cybercriminals target individuals by having them make payments to an account they are deceived into believing is legitimate. This commonly occurs where individuals receive notifications which they may think are from a trusted provider such as their bank.

 

The rise of attacks

 

One of the main reasons for the surge in ransomware attacks is the widespread adoption of cryptocurrency – chiefly Bitcoin – as a means to facilitate the payment of ransoms. This is due to a perception amongst cybercriminals that Bitcoin and other cryptocurrencies which function using anonymised blockchain technology are untraceable. This is not correct, however. As demonstrated by the FBI investigation into the Colonial Pipeline cyberattack (which occurred in May this year, resulting in significant fuel shortages in parts of the Northeast of the US), Bitcoin can be traced and recovered.

 

Not all attacks are equal

 

Phishing is often a more insidious form of cybercrime than ransomware. Phishing attacks are often instigated by employing social engineering, such as a fake email from a friend or business associate of the target, who is then deceived into downloading a malicious file or clicking on a link to a fraudulent version of a website. Once the target’s password is obtained by the criminals, they can then log in to the target's account.

 

Once they access the target’s account, cybercriminals typically move slowly and methodically through it, gathering as much information on the user as possible in order to then deceive that user’s customers into transferring monies to an illegitimate bank account.

 

Similar to phishing, authorised push payment (APP) frauds deceive individuals into transferring monies to bank accounts controlled by cybercriminals after receiving an email or phone call from someone they believe to be a legitimate source. Such impersonation APP frauds have massively increased due to Covid-19 as cybercriminals pretend to be government departments or business associates.

 

The wide and diverse nature of the cybercrime threat is making it ever more difficult for organisations to counter the risks, particularly as businesses and IT security firms may struggle to prevent new attacks which seek to exploit previously unforeseen or unknown vulnerabilities to target systems (so-called zero-day attacks).

 

How to mitigate

 

Cyber vulnerabilities may also result in data breaches, which can lead to fines under the GDPR and/or the potential for civil claims in the courts by individuals whose data was abused or exposed as a result of a cyber breach.

 

The growth of cybercrime has resulted in the market for cyber insurance becoming increasingly specialised and complex as clients and brokers seek out cover for such hazards. Although many common business insurance policies – such as business interruption or professional indemnity insurance – traditionally either deliberately or otherwise provided some cover against some limited exposures, they have often been misunderstood. For this reason, caution is advised for underwriters, brokers and purchasers to ensure that what cover is provided is understood. This is particularly important as in recent years there has been a distinct effort on the part of insurers to avoid inadvertently providing cyber cover under traditional policies (so-called non-affirmative, or “silent”, cyber cover).

 

In parallel to the retrenchment of cover, there has been a growth in the number of specialised cyber policies written by insurers. The first specialised cyber insurance policy was written by Lloyd's in 2000, but that market has since grown exponentially, with one reinsurer quoted as forecasting the global cyber insurance market to reach a value of approximately $20 billion by the year 2025. Much of this growth is expected from smaller business customers who are increasingly being targeted and are now appreciating the requirement for specialised cyber insurance. For many, cyber cover has moved from a “nice to have” to an “essential cover”.

For brokers, understanding the nuance of competing policies is particularly difficult where their clients’ business may be changing and the clients themselves are not particularly tech-savvy or have outsourced their IT. Detailed and informed engagement with clients is, therefore, necessary to obtain certainty as to what is covered, what isn’t, and what should be.
