Suite 27, Liberty House, The Enterprise Centre, Greenham Business Park

Cyber-attack report puts a $193 billion price tag on clean up – but who cares?

31 Jan

By: Shannon Elliott

News, info & events

This week, Lloyd’s of London published a report which showed that a global ransomware cyber-attack could cost almost $200bn in losses and affect more than 600,000 businesses within just one day.

money

The report, Bashe Attack: Global infection by contagious malware, was based on a scenario where an attack is launched through an infected email which, once opened by an employee is forwarded to all contacts and, within just 24 hours, all data on 30 million devices worldwide is encrypted, leaving companies and other organisations forced to pay a ransom to decrypt it or replace the infected devices.

What is telling about this report is that the predicted impact, $193 billion, hasn’t been met with more shock among those who have read and commented on it, nor has the fact that a whopping 86% of those predicted losses aren’t insured.

The level of potential losses – $89 billion in the USA with Europe second hardest hit at $76 billion followed by Asia at $19 billion – should send shockwaves through businesses and have them hastily dialling their brokers to buy cyber insurance cover, which is doubtless the point of the insurance industry issuing a report highlighting the possibility and outcome of such an attack.

The trouble is, despite news outlets picking up and repeating the findings, the likelihood of businesses taking the threat seriously is, we believe, remote. Despite cybersecurity constantly appearing among the top priorities of many business leaders, investment to prevent it, or clean up after it, remains insufficient.  Businesses appear to be totally oblivious to, or content to ignore, the real risks they’re facing every day.

And while insurance cover definitely has its place, to help with the IT clean up, replacement of irreparable devices and mitigate business losses, it shouldn’t be the first cyber-related cost a business considers.

It’s far better to invest in prevention: to use all available tools and training to ensure that business systems are robust and, along with vigilant employees, can spot and stop a malware or other cyber-attack in its tracks.

There are so many products now available, such as automated penetration testing systems to highlight potential vulnerabilities or products which can strengthen defences.  There are positive steps each and every business can take to reduce the risk of suffering an attack and the resulting impact on business operations, income and customer confidence.  And, of course, the greater the investment in prevention, the better their risk profile is and the lower their cyber insurance premiums are likely to be, should they choose to buy coverage.

At EnterpriseRed, we work with leading providers of cybersecurity products and services and highly recommend that any business contact us to have a no-obligation discussion about what we might do to help them avoid the kind of catastrophic effects this latest report shows can easily happen after just one malevolent email is opened by an unsuspecting employee.