Contacts
It looks to be an interesting year in the world of cyber-crime risk management. And when we say “interesting” we mean ever-increasing activity and escalating losses. Here’s an example of what we’re facing.
Early in the morning on March 19, 2019, Norsk Hydro, a global aluminum auto parts supplier, became the victim of a ransomware cyber-attack. The malware encrypted their files and brought operations to a halt in multiple locations. The attack forced Hydro to stop normal operations and switch the affected areas to manual operation.
The cyber-criminals demanded a ransom to have the computer system unlocked and restored. But Hydro refused and decided the best course of action was to rebuild their network system.
So, the cyber-attack cost them nothing? Hardly. Norsk reports the attack ultimately cost them $52 million and delayed their scheduled April 30 earnings report all the way to June 5, 2019. It also affected many of their downstream customers, including large auto manufacturers, and caused many industries to lose income.
It appears that Norsk Hydro reacted correctly to the event. They had a plan, executed it well, and were able to be mostly doing business as usual within six months. This is in stark contrast to organizations impacted by the NotPetya malware in 2017. That event cost many organizations that were not even the original targets millions of dollars, including the recently announced $870 million in damages suffered by Merck.
Recently, ransomware attacks have been demanding more and more from victims. Initial demands are now as high as $64 million — and cyber criminals are putting escalators into their demands, insisting organizations pay immediately or face increasing ransom costs.
The lack of a “silver bullet” solution
A key problem with cyber-attacks is that, unlike weather disasters such as hurricanes where we have a hundred years of data to draw conclusions from, cyber-crime is still too new to be anywhere near predictable. And it continues to shift gears, often too fast for the world to keep pace. So, no one has yet developed a viable answer.
Great. So, how do you find the right protection and the right insurance?
Finding the right insurance partner
The cyber protection market has been inundated with new entrants over the past few years — some have thrived, while others have not been nearly as successful. Now we are seeing the market beginning to slow.
It is also important to note that not every company is providing the same coverage for the same price, and there is definitely an often significant difference in what they offer in terms of pre- and post-breach services.
Having multiple carriers in this field has served one purpose: keeping the price low because of the additional competition and capacity. This has had an interesting effect on some of the more established carriers that are starting to feel the heat because they’ve had experience paying out on claims. We expect this will ultimately have a direct effect on rates.
This has resulted in a challenging market where often the best price is not the best value. It is important to understand that many carriers offer excellent tools and services, including training, access to breach coaches and first-rate legal teams. And, although those come with a higher price tag, they can be highly effective in keeping the possibility of cyber-damage to a minimum. And that results in a better value for the insurance buyer.
Marsh & McLennan Agency can help
To learn more, visit marshmma.com/offerings/cyber-liability, or contact your Marsh & McLennan Agency representative.
You May Also Be Interested In
- Blog
12.23.2020
Solarwinds Cyber Incident
- Blog
10.19.2020
Client Advisory: Increasing Cyber Risks in the Transportation Industry
- Blog
10.16.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Biotech Industry
- Blog
10.14.2020
Cyber Risk in Our New World
- Blog
10.14.2020
Client Advisory: Dealing with Increasing Cyber Risks in Manufacturing
- Blog
10.12.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Health Care Industry
- Blog
10.09.2020
Client Advisory: Dealing with Increasing Cyber Risks in the Construction Industry
- Event
10.08.2020
Webcast | A Tale of Two Breaches
- Blog
10.07.2020
Cybersecurity: Managing Risk in the COVID-19 Era
- Blog
10.05.2020
Why HR is a Key Stakeholder in Cyber Risk Management
- Blog
10.02.2020
Network Security & Privacy Considerations When Organization Shift from WFH to Office Environment
- Blog
09.30.2020
Elements of Cyber Insurance Coverage
- Blog
09.28.2020
Cyber Security and Privacy Concerns: COVID-19
- Event
09.16.2020
Webinar | Cyber Incident Response
- Event
07.14.2020
Webinar | Cyber Security-The Complex & Inevitable Exposure
- Event
06.25.2020
Webcast | Navigating the Cyber Liability as Organizations Return to the Workplace
- Blog
04.27.2020
Client Advisory: Dealing with increasing retail cyber risks during the COVID-19 crisis
- Event
10.15.2019
Webinar | New Cyber Privacy Regulations & Risks Affecting U.S. Businesses
- Blog
10.07.2019
The State of Cyber Security
- Blog
09.03.2019
12 Best Practices to Secure and Protect Passwords
- Blog
03.11.2019
Protect Your Business from these 5 Cybersecurity Risks
- News
12.21.2018
Social Engineering Fraud
- Blog
12.19.2018
Does Your Company Know What To Do After a Cyber-Attack?
- Blog
11.26.2018
Five Critical Risks Impacting Public Sector Organizations Today
- Event
10.25.2018
Framework of a Cyber Breach
- Blog
10.19.2018
IoT-connected Devices Are Increasing Cyber Risk Exposure
- Blog
09.04.2018
15 Best Practices to Protect Your Website From Malware & Cyber-Hacking
- Blog
08.28.2018
Why Manufacturing Companies are Now More Susceptible to Data Breaches
- Blog
06.19.2018
2018 Cyber & Data Security Risk Survey Report
- Blog
05.08.2018
GDPR is Coming. Are You Ready?
- Blog
04.04.2018
Electronic Logging Devices - A Hacker's New Window?
- Blog
10.06.2017
The 4 Myths of IT Data Security
- Blog
09.15.2017
Cyber Breach - Equifax
- Blog
06.08.2016
2015 & 2016 Cyber & Data Security Risk Survey Report