As part of the Financial Services Council conference on Navigating Change, Managing Director Ian Pollard was asked to moderate a panel discussion on Data Fraud and Cyber Security. He was joined by Nick Thompson from Propello, Ian Fletcher from InPhySec, Paul Ash from DPMC and Carmen Vicelich from Data Insight.
Ian’s introduction to the panel discussion:
“Thank you to the committee for the opportunity to be here today. For those of you who know me this is a subject that is very close to my heart; and especially the insurance solutions surrounding such (Cyber insurance has been around for nearly 20 years).
As we all know the world has changed and is changing with the way it works with almost everyone working online; studying online; socialising online; dating online and shopping online. With the advent of the digital age – online systems and the internet are critical to our everyday lives and business alongside other utilities: water, power, and other key infrastructure.
The costs to New Zealand are staggering – depending on what you read: the cost of cybercrime would sit at anywhere between: $250 million-600 million. The cost to the global economy is reported to be up to USD1trillion.
Almost one in five small businesses in New Zealand have been targeted by a cyber-attack, with average losses of $19,000, according to Norton New Zealand SMB Cyber Security Survey of last year. This correlates nicely with the average cost of Cyber Claim we see.
The recently set up CERT (Computer Emergency Response Team) released its first report on the New Zealand cyber security threat landscape in August. The report shows that 364 reports of cyber security incidents have been made to the new cyber security agency in less than three months of operation. With more than $730,000 worth of direct financial losses caused by cyber-attacks.
According to Symantec – New Zealand was the fourth most targeted country in Asia Pacific from a Ransomware perspective.
From an insurance perspective – over 50% of our Cyber Insurance claims are ransomware related.
We’ve seen two high profile global ransomware attacks wreak havoc across the globe. WannaCry was a ransomware campaign that hit computer systems of businesses around the world in May. It was one of the largest global ransomware campaigns to date and targeted systems running unpatched versions of Windows. Like other ransomware, WannaCry is a type of malicious software that denies a user access to their files or computer system unless they pay a ransom. This impacted the UK and utilities, car manufacturers and telcos across Europe.
Hot on the heels of WannaCry was NotPetya
A new ransomware campaign referred to as NotPetya (originally reported as Petya) affected Microsoft Windows devices globally. A point of difference that this ransomware has from WannaCry is that once a single computer in a network is infected, the program looks for other computers on the network and infects them as well — even when they’re fully up to date. Companies reporting a problem as a result of NotPetya were widespread. Russia and Ukraine were most affected, with other victims spread across countries including the United States, Britain, France, Germany, Italy, Poland.”