WannaCry: Aussie SMEs dodge bullet this time, but risk remains

By Chris Dougherty, General Manager, Westlawn Insurance
25 May 2017

Worldwide cyberattacks are in the news again! It was only back in November last year that we reported on a massive cyberattack that shut down access to popular websites such as Twitter, PayPal, Spotify and Netflix. Australian media, banking and retail websites were also affected by that cyberattack. 

On Friday, 12 May, another cyberattack was unleashed on computer systems across the globe. This time, the culprit was a ransomware infection named WannaCry (also WannaCrypt or Wcry).

The appropriately-named WannaCry ransomware targeted access to database, multimedia, and archive files as well as MS Office documents.

To unlock infected files, the ransomware demanded victims cough up US$300 in Bitcoins within 7 days or else the files would be deleted.

European businesses and organisations were first to report their systems being locked by the ransomware before the infection spread worldwide over the weekend. The British National Health Service fell victim to the attack forcing a number of hospitals in England and Scotland to cancel procedures, while x-rays, test results and patient records became unavailable.

Spanish telco giant Telefonica and US delivery service FedEx also fell victim to the attack.

The attacks didn’t appear to target any particular country or industry with healthcare, manufacturing, energy, technology, food and beverage, education, media and government departments all targeted.

And, as ABC reported, WannaCry even turned up in some rather obscure places including on a screen in an Ontario building lobby, on a Thai billboard and on parking meters in the UK and the Netherlands.

Australia, however, appears to have gotten off fairly lightly this time. Early reports on the following Monday morning suggested just one Aussie business had been affected.

But by Tuesday, Cyber Security Minister Dan Tehan confirmed that 12 Australian small businesses had fallen victim to the WannaCry ransomware.

In a press release issued Tuesday morning, the Minister stated that:

“Small business owners should be pro-active about their cyber security in the wake of this ransomware campaign affecting computers around the world.”

Speaking to ABC in the wake of the attack, Minister Tehan said the impact of ransomware on the Australian economy each year is conservatively estimated at around $1 billion.

Who to contact

Report any suspected ransomware attack to the Australian Cybercrime Online Reporting Network click here.

For information on how to protect your business, visit the Australian Cyber Security Centre website by clicking here. Or, you can call them on 1300 292 371 (1300 CYBER1).

Are NSW SME owners too complacent about cybercrime?

In what could be regarded as perfect timing, the Office of the NSW Small Business Commissioner this month released a study into the attitudes of NSW small and medium-sized businesses in relation to cybercrime.

Some of the key findings of the study, which included 1,400 respondents, include:

  • Almost one-third of NSW small businesses have been victims of cybercrime.
  • 50% limit their digital exposure to a business website with contact details and social media, believing this makes them less exposed to cybercrime.
  • Only 10% consider cybercrime a number one priority, with NSW business owners ranking cybercrime as the fifth biggest risk to their business.
  • Two-thirds believe they are well-informed about cybercrime risks and 80% said they could respond to a security breach (making SME owners more confident than most ASX-listed companies).
  • Areas of most concern include email fraud, social media hacking, online banking fraud, malware and crypto-ransomware.
  • Insurance is not being effectively utilised as a risk management tool, with only one-fifth of SMEs indicating that their business is currently protected through cyber insurance.

You can download the Cyber Scare: A look at small to medium-sized business and the emergence of cybercrime in Australia report here.

Protect your business with cyber insurance

Specialist cyber insurance policies can provide protection to businesses of all sizes.

Typically, cyber insurance will cover:

  • Network interruption costs
  • Crisis management
  • Remediation and forensic investigation
  • Data restoration, and
  • Third-party claims for unauthorised publication of data.

Cyber insurance policies will vary in the benefits they provide. Your Westlawn Insurance Broker can help find the most suitable policy to meet your individual business needs.

As an example, here are the potential benefits cyber insurance can provide:

Type of coverPotential benefits
First party losses
Business interruption lossesCovers financial loss you may suffer as a result of a cyberattack.
Cyber extortionThe costs of a cyberattack, such as hiring negotiation experts, covering extortion demands and prevention of further threats.
Electronic data replacementCosts of recovering or replacing records and other business data.
Third party losses
Security and privacy liabilityDamage to your reputation resulting from data breaches, such as loss of third party data held on your system.
Defence costsFunds legal costs of defending claims.
Regulatory breach liabilityLegal expenses and costs of fines arising from investigation by government regulator.
Electronic media liabilityCosts of copyright infringement, defamation claims and misuse of certain types of intellectual property online.
Extra expenses
Crisis management expensesCovers costs of managing a crisis caused by cyber hackers.
Notification and monitoring expensesCosts of notifying customers of a security breach, and monitoring their credit card details to prevent further attacks.

Source: Steadfast https://www.steadfast.com.au/supplementary-pages/products/cyber-insurance.aspx

What usually isn’t covered

Exclusions and the excess can vary depending on insurer. Policies generally won’t cover:

  • Damage to computer hardware
  • Criminal actions committed by you or your business
  • A cyberattack based on facts of which you were aware, or
  • Criminals using the internet to steal money from you.

For more information on what cyber insurance can cover, see our article Cybercrime on the rise: How to protect your business

Contact Westlawn about cyber insurance

Westlawn Insurance Brokers have access to a number of specialist cyber insurance policies to cover your business against the risks of cybercrime.

To learn more about insurance to protect your business from cyberattack, contact Westlawn Insurance Brokers today.

In an interesting postscript to the WannaCry ransomware saga, The Guardian has reported that a 22-year-old who lives with his parents stopped the worldwide malware hack by registering a domain for $10.69.

Copyright © 2017