Ransomware attacks remain on the increase

The insurance industry has suffered two major cyber-attacks in recent weeks.

13 October 2020


Last week, news broke that an insurance broker, Ardonagh, had suffered a ransomware attack, and a little over two weeks ago the giant US-based insurance broker, Arthur J. Gallagher, suffered a ransomware attack which forced it to shut down its global operational systems.  It should come as no surprise that financial institutions, including insurance entities, are often targeted.  Not least, they hold huge amounts of personal customer data, as well as having ready access to financial resources. 

We have previously written on the topic of increased cyber-attacks during lockdown, and it is the insurance industry which currently appears to be bearing the brunt of this increase in criminal cyber activity.  The ransomware attack on Ardonagh last week required over 200 internal user accounts to be suspended.  At present, it is unclear whether or not the perpetrators were able to extract data upon which to demand a ransom, and indeed, whether or not any such ransom was ever paid.

Although early indications are that the Ardonagh attack was quickly contained, with limited collateral damage, the cost of such attacks for businesses goes far beyond the ransom sums themselves or investigating I.T. vulnerabilities. More often than not, an organisation's productivity can be severely disrupted where ransomware has penetrated computer systems, and that disruption can, in and of itself, prove incredibly costly. The Ardonagh attack is a prime example of this, as the suspension of over 200 internal user accounts is highly likely to have interrupted business service. This is particularly so, as we understand the relevant accounts to have had specific administrative privileges, meaning that key employees were potentially unable to access the company's I.T. system for a period of time.

In July of this year, Willis Towers Watson published a cyber claims analysis report which found that there had been a very noticeable increase in ransomware attacks during 2019. The report also found that cybercriminals were sharing their offerings with one another, distributing malware, and apportioning amongst themselves any ransoms that were eventually paid by businesses (or in some cases, their insurers). Not only this, but ransomware attacks were considered to have a high average severity when compared to other types of cyber incidents, such as social engineering or Denial of Service ('DoS') attacks. This reality, it seems, is being harnessed by cybercriminals to the disadvantage of businesses of all shapes and sizes.

Given the ICO's ever-increasing desire to levy fines under the GDPR for data breaches, financial institutions (including those operating in the insurance sector) are arguably more vulnerable now than ever before. It is therefore very important that these businesses remain vigilant if they are to avoid being targeted by cyber-criminals.
