News
Expert comment on Lloyds’s of London’s news ending coverage for state cyber attacks
August 2022 by Paul Brucciani, Cyber Security Advisor, WithSecure
Following Lloyds’s of London’s news that they are to end insurance coverage for state cyber attacks, Paul Brucciani, Cyber Security Advisor, WithSecure shares the following:
‘Lloyds’s of London exists to make money by underwriting risk. With profits already under pressure from the worldwide wave of ransomware claims, these have been exacerbated by the losses caused by cyber attacks precipitated by the Russian invasion of Ukraine. Even though Lloyd’s is no longer willing to underwrite losses arising from state-backed attacks, this is easier said than done.
Interpol Secretary General Jurgen Stock warned at the World Economic Forum in Davos, Switzerland, in May 2022 that nation-state malware could become a commodity on the dark web soon, making it much harder to distinguish criminal attacks from state-backed attacks. Criminal actors could perform reverse engineering of military-made malicious code and use their own versions in attacks ‘in the wild’. Nation-states with access to cyber weapons used in the conflict could also simulate ‘in the wild’ attacks, making the attribution impossible.
The cyber insurance market is hardening. Companies seeking cyber insurance should look at it as a source of emergency finance to pay for specialist technical and professional services support.
Companies can significantly reduce their cyber security risk by doing the following:
• Make those responsible for managing risk define the cyber risk management strategy
• Conduct regular, phishing awareness training
• Mandate multi-factor authentication to access network resources
• Use only password manager-generated passwords
• Maintain an inventory of IT assets and patch them regularly, to minimize your attack surface
• Impede attackers with proactive detection and response controls
• Rehearse what you would do when a security incident happens.’
