Fujitsu comment on news that cyber insurance claims are on the rise
May 2018 by Fujitsu
New data from AIG, one of the largest cyber insurers, shows its business in Europe, the Middle East and Africa received as many cyber claims last year as in the previous four years combined, far higher growth than that for the number of policies sold.
Mark Camillo, head of AIG’s European cyber business, said the growth in claims was partly the result of the rise in ransomware attacks, in which hackers freeze a target’s systems until a ransom is paid.
In response to this, Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland shares her thoughts:
“The significant rise in cyber insurance claims over the past year highlights the potential financial impact that suffering a major security breach can have on organisations.
“The damage caused by breaches can even tempt organisations to accept cyber criminals’ ransom demands. However, paying ransomware authors in the hope they will decrypt data is certainly not an advisable practice, and in fact, must be frowned upon. Instead, organisations should rethink their cybersecurity practices to ensure they’re implementing the right primary preventative measures which help them remain on the front foot for proactively identifying and managing threats before an attack occurs.
“Cyber Threat Intelligence (CTI) is a prime example of this. Using CTI as a back to basics approach for businesses should include having visibility of critical patches via an early warning system as soon as they’re released and patched accordingly - one such example is the SMB vulnerability last year where a patch was available months before it was exploited by serious ransomware variants.
“Where ransomware is successful, it is critical that customers have a robust business continuity and disaster recovery plan which should include how to respond to such incidents, a back-up policy and the ability to quickly restore any affected data and systems with minimal impact to operations.
“With GDPR almost upon us, companies need to be aware of all the channels cyber criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard their main asset – data. Whilst organisations are right to be worried about the next strain of cybersecurity incidents, combining vulnerability management with threat intelligence will be a great use case for protecting corporate environments.”