WannaCry and GDPR: Driving the adoption of cyber-insurance
by Heat Recruitment
The global cyber landscape is changing. As the number and quality of cyberattacks rises, so too does the impetus to secure data from threat actors. But what does it mean for the insurance sector as a whole and the shift in the nature of roles being recruited?
WannaCry, for example, is considered to be one of the most significant attacks of the last decade. The ransomware successfully took down critical infrastructure in numerous countries, including NHS trusts in the UK, a telecommunications organisation in Spain, and even a subsidiary of shipping giant Maersk in Denmark. For businesses, this translates to an increased threat level, with greater incentive to ensure security and mitigate the potential damage – financial or otherwise.
The attack targeted known vulnerabilities within Windows systems, using these infected devices as a benchmark for further attacks against any infected network. The ransomware directly targeted an exploit, EternalBlue, which was reportedly developed by the United States’ National Security Agency (NSA). In short, the result was the capability of a nation-state threat actor in the hands of an average hacker – a worrying proposition for any business. In an attempt to mitigate the risk posed by cyber-attacks, GDPR, the General Data Protection Regulation, is one of the directives which has been brought forward.
Superseding the Data Protection Act, GDPR codifies a series of best practice requirements on how organisations should store, process and safeguard Personally Identifiable Information (PII). Acting as a legal requirement to ensure a baseline of security, the regulation is designed with one purpose in mind – securing the myriad of data that businesses possess on regular people.
Unfortunately, due to various circumstances, just under half of businesses have now admitted they are unprepared for GDPR – despite the regulation coming into force in May of 2018. As a result, the number of businesses looking into cyber insurance is growing significantly.
Sarah Stephens, head of cyber at insurance broker JLT, confirmed to FT.com that demand for these services was increasing, stating “we’ve had calls from clients who have been thinking about cyber insurance for years but want to push the button now.” The APAC region, reportedly the worst hit by the WannaCry attack, recorded an 87% rise in the number of cyber insurance requests – up significantly on a global rise of 38%. What this means from an employment perspective, however, is simple.
As the number of organisations looking to take out cyber insurance increases, so too will the number of skilled staff required to identify, assess and implement. The professionals undertaking these claims will invariably be required to hold a degree in a relevant discipline such as information security or computer science. The aspects of this cover will be complex, ranging from an interruption of business services, a destroyed data, or the very real risk that company secrets can be stolen for corporate espionage. In addition, it is likely that existing claims adjustors may be required to upskill in order to better serve this demand.
In today’s landscape, there is a clear and present threat posed by unsecured technologies. Whereas previously, good security practice could mitigate the majority of these risks, the sheer number of threats and threat actors means that a cyber-breach is not just a possibility, it is a foregone conclusion.
The differentiator between an organisation that is brought down and one that can remain operational sits firmly with the forethought and strategies in place prior to the attack. A security baseline is essential – particularly under GDPR. This baseline, however, is not a silver-bullet solution.
The difference between success and failure for most businesses is linked to the financial aspect – looking at how quickly a damaging attack can be recovered from. For this, a cyber insurance policy is essential. Before this, however, the staff must be in place to facilitate this need. The global demand for cyber insurance specialists will continue to rise in tandem with the rise in cyberattacks. What will be key is how these risks are met and mitigated.