“Wannacry” Cyber Attack Is a Nightmare for Companies

Cybercrime Attacks Will Continue to Be Among the Greatest Challenges for Companies in the Future

On May 12, criminals launched a large-scale attack infecting hundreds of thousands of computers around the world with the ransomware “WannaCry”, which encrypts data on the computer systems and users are only able to retrieve the data upon paying a ransom. The criminals took advantage of a critical vulnerability with the American intelligence organization NSA.

Major companies and institutions all over the world have also been affected by the “WannaCry” trojan: The ticket machines and display boards of the German rail company Deutsche Bahn stopped functioning, and in the Netherlands the payment machines at Q-Park parking garages and other company websites no longer worked. In Russia, computers at the Ministry of the Interior were infected, while the logistics company FedEx in the United States and the French auto manufacturer Renault even had to stop production. The extent of the economic consequences for companies remains unclear.

 

Global Damage Due to Cybercrime Approx. €400 Billion

In its 2015 report, for example, the German Federal Criminal Police Office (BKA) documented over 45,793 offences in the area of cybercrime and estimates damages incurred by German companies to be over €40 billion. According to the international study “Taking the Offensive – Working together to disrupt digital crime” published by BT and KPMG, digital crime amounts to €400 billion in damages worldwide.

Figures from the 2015 “Federal Cybercrime Report” by the BKA

 

Depending on the source, one out of every two to three companies is affected by various types of cyber attacks. Computer fraud (keyword: phishing) is the most common type of cybercrime. According to a survey of the industry association Bitcom in 2016, the real figures are much higher given that there is a large gray area since many companies do not report any damages due to cybercrime.

The EU data protection guideline, which will enter into effect in 2018, includes an EU-wide reporting obligation for companies. Small and medium-sized companies, which often have low IT standards, are particularly at risk. KPMG stated in April 2017 that these crimes can usually be traced back to China, USA, Russia and Eastern Europe. However, the detection rate of such crimes remains extremely low.

 

Experts Expect Rise in Cybercrime

Experts suggest that the frequency and severity of these offences will increase. With the new digital concepts like the internet of things and industry 4.0, industrial plants or self-propelled cars can be a potential target for cyber criminals.

Every company must deal with the question of what the consequences would be if customer data and credit card details were stolen, new product developments were in the hands of the competition, money were unlawfully withdrawn from bank accounts, or their website were to be hacked. The consequences would be devastating for most companies.

 

Cybersecurity Will Become a Core Competence of Any Company

Therefore, cybersecurity is a key topic for future-oriented corporate governance. Professionals recommend using firewalls and encryption programs, quickly installing program updates, ensuring frequent backups, as well as making employees aware of potential dangers when using digital systems.

New business divisions are emerging both for the insurance industry as well as the consulting branches of the Big Four: Cyberrisk issues are part of the consulting portfolio of large companies and cyber insurance policies are the new trend among providers such as AXA and HDI. Depending on the policy, in-house and third-party damages or costs may be covered for any potential crisis PR measures that may become necessary due to a cyber attack. However, the challenge for any company remains finding the right package for each individual situation.

 

Links:

International study “Taking the Offensive- Working together to disrupt digital crime” by BT and KPMG

2015 Report by the German Federal Criminal Police Office