In what now seems like a foreboding example of premonition,Kansas Commissioner of Insurance Ken Selzer last Thursday releaseda shortlist of tips that his office intended to help individualsand businesses protect themselves against identity theft or a cyberattack.

“It is important that cyber vigilance begins at home,” Selzer said in his May 11 statement. “Knowingsome common-sense precautions can keep you and your personalinformation safer.”

One day later, international hackers unleashed the WannaCryransomware program, which demands $300 from the user of an infectedcomputer or device in order to restore its data. As the virusspread over the weekend, insurance agents, brokers and consumersbraced themselves for a major Monday-morning tech headache.

Good reason to worry

White House Homeland Security Adviser Tom Bossertsaid Monday that 150 countries and more than 300,000 peoplewere affected by the WannaCry attack, which revealed avulnerability already known to cyber security expertsworldwide.

“Law enforcement, IT professionals, consumers, business, and thepublic sector all have responsibility to act to keep enabling thegood that the Internet brings,” Kathy Brown, president and CEO ofthe Internet Society (ISOC), said in a press release Monday. “Wehave a shared responsibility to collaboratively get this undercontrol.”

Brown hoped to draw attention to recent survey results compiledby the ISOC along with the Centre for International GovernanceInnovation and the United Nations Conference on Trade andDevelopment. Their Global Survey on Internet Security and Trustfound that “most people are ill equipped to deal withransomware.”

What's more, researchers determined that 6 percent of peopleworldwide have already been impacted by malware, and nearly twiceas many know someone who has been victimized by a cyber attack.

Roughly one in four people interviewed for the survey said theywould “have no idea” what to do if their computer or device were targeted by malware orransomware.

“Ransomware attackers have discovered that they don't have tosteal or destroy your data to enrich themselves, they just have tohold it hostage,” Fen Osler Hampson, distinguished fellow anddirector of Global Security at CIGI, said in a prepared statement.“Our survey data shows that many people are willing to pay to gettheir data back, which makes such attacks highly profitable.”

Continue on…

Roughly one in four people “have no idea” what to do iftheir computer or device is targeted by ransomware. (Photo:iStock)

Widespread vulnerability

“In the US alone, 63% of firms reported experiencing a cyberincident in the past year, and 47% said they had two or more,” saidDan Burke, cyber and technology product head at Hiscox USA.The Hiscox Cyber Readiness Report 2017surveyed more than 3,000 businesses in the U.S., United Kingdom andGermany on their cyber preparedness. Researchers concluded thatlast year alone, cyber crime cost the global economy $450billion.

“Larger companies (250+ employees) had a somewhat higher risk,with 72% reporting one or more incidents, compared to 60% ofsmaller firms (less than 249 employees),” Burke said a pressrelease.

Scary wake-up call

“When we see whole systems like the National Health System inthe United Kingdom directly targeted, it reinforces how dependentwe have become on our data-driven networks,” Michael Kaiser,executive director of the nonprofit National Cyber SecurityAlliance in Washington, D.C., said in a statement about theWannaCry event. “It is of utmost importance that cybersecurity of those networks be a top priorityof businesses and organizations large and small.“

Speaking in terms of “cyber hygiene,” Kaiser recommended thefollowing urgent cybersecurity steps:

• Keep clean machines: Prevent infections byupdating critical software as soon as patches or new operatingsystem versions are available. This includes mobile and otherinternet-connected devices.
• Lock down your login: Strongauthentication — requiring more than a username and password toaccess accounts — should be deployed on critical networks toprevent access through stolen or hacked credentials.
• Conduct regular backups of systems: Systemscan be restored in cases of ransomware and having current backup ofall data speeds the recovery process.
• Make better passwords: In cases wherepasswords are still used, require long, strong and unique passwordsto better harden accounts against intrusions.

Insurance and the financial services sector are among theindustries most vulnerable to cyber attacks. Consider the followingchart compiled by Statistica, the internet research agency, whichshows the industries that tend to be targeted by malware or ransomware, and what shape theseattacks might take.

You will find more statisticsat Statista.

Continue on…

Insurance and financial services are especially vulnerableto cyber attacks. (Photo: iStock)

Insurers survey WannaCry impact

In its summation of the impact the WannaCry attack could have oninsurers, the cyberinsurance and risk managementcompany Cyence determined that direct ransom costs could beabout $10 million. But executives worried that the deeper impactwill be felt by the attack's business interruption, which couldcost companies approximately $8 billion.

“Cyber insurance policies would respond to this event, but thereare a few factors which will limit insurer's ultimate exposure,”Cyence executives said in a prepared statement. “Cyber insurancepolicies have retentions/deductibles that are typically at leastfew thousand dollars. Since WannaCry's demand is only $300,this cost would be borne by the insured — not theinsurer.”

The best defense…

The best defense in a good offense. With that in mind, here arethe 10 tips that Kansas Insurance Commissioner Ken Selzer releasedto the public last week:

1. Set strong passwords and don't share them with anyone. Set themwith at least eight characters, including letters, numbers andsymbols.
2. When using unfamiliar websites, be sure the URL begins with“https.” The “s” at the end indicates it is a secure site.
3. Keep your operating system, browser, and other criticalsoftware optimized by installing updates, including antivirus andanti-spyware updates.
4. Maintain an open dialogue with your family, friends andcommunity about Internet safety. Let them know you take itseriously.
5. Limit the amount of personal information you post online, anduse privacy settings to avoid sharing information widely.
6. Be cautious about what you receive or read online — if itsounds too good to be true, it probably is. Also, if a messagesounds out of character for the sender, or includes nothing but alink in the body of the email, it may be suspicious. Check with theperson who purportedly sent you the message to make sure it islegitimate.
7. Cyber attackers often take advantage of current events toconduct “phishing” attacks, where they will attempt to obtainpersonal information by posing as a trustworthy organization.Verify the legitimacy of the organization's request by contactingthe company by another means.
8. Limit the type of business you conduct on public Wi-Finetworks. Don't do your online shopping from an internet café. Dobusiness with credible companies, and devote one credit card with asmall credit line to online purchases.
9. Password-protect your smart phone.
10. Finally, and maybe most importantly, check your homeowners oridentity theft insurance policies for the level of coverage youhave in case of a cyberattack on your devices.

“The continual increase in cyber traffic means that homecomputer networks and smart devices are more vulnerable” than ever,Selzer said. “We need to be vigilant in making sure our personalinformation is kept secure.”

PropertyCasualty360