Category: Cyber

Tanker group says it faced cyber attack in July

A company that owns fleets of tankers including VLCCs, product tankers and others was hit by a cyber security breach that allowed hackers to gain access to the company’s computer systems.

BW Group told Riviera Maritime Media that the attack happened in July, making it the first shipping-related cyber security breach reported since the NotPetya virus took down the operations of container shipping giant Maersk in late June.

“We had an unauthorised access some time back in July and actions have been taken to rectify the matter,” a BW Group spokesperson confirmed to Riviera Maritime Media in an email exchange.

“Internal and external communications to customers and stakeholders were not impacted, and it was business as usual with some inconveniences … We worked around planned system downtimes as our IT department, with assistance of external consultants, reinforced our cyber security infrastructure.”

According to market intelligence analysts S&P Global, BW Group brought in KPMG’s cyber security consultancy to perform a forensic audit of their systems and the company is working with UK telecommunications giant BT and others to implement new cyber security products.

Cyber attacks against large organisations and businesses have made headlines in recent months after millions were lost in attacks from ransomware viruses such as the WannaCry ransomware and the NotPetya virus, which some researchers have argued was not designed to be used as ransomware.

BW Group has confirmed that the breach of its company’s computer systems did not involve ransomware.

Diane Jenkins, a risk management software consultant who helped to develop the first cyber insurance search engine discussed with Riviera Maritime Media the difficulties in determining the full costs of attacks like those that happened to Maersk. More than 90 days since that attack, she pointed out, Maersk still hadn’t tracked down some of its missing containers.

“How much business interruption loss are they going to face?” Ms Jenkins asked. “We just do not know yet.”

To this point, the NotPetya attack on Maersk is estimated to have cost the company up to US$300M. BW Group did not divulge any information regarding any loss of data or financial assets due to the unauthorised access to its company’s computers.

Tue 17 Oct 2017 by Jamey Bergman,tanker-group-says-it-faced-cyber-attack-in-july_49564.htm


Should individuals buy insurance against cyber attacks?

Cyber cover has been one of the hottest topics in the insurance world for the past few years. Insurers have been tripping over each other to offer policies that protect their customers against the worst that cyber criminals can throw at them.

Those customers have been exclusively in the corporate world, with companies insuring themselves against the kind of attacks faced by retailers including Home Depot, Staples and Tesco, TalkTalk, the telecoms company, Equifax the consumer credit reporting agency and countless others.

Earlier this year, however, US-based AIG launched FamilyCyberEdge, a policy aimed at individuals. It was a pioneer in the field, but is not the only one. Others including UK-based Hiscox and Munich Re-owned Hartford Steam Boiler have also been rolling out personal cyber insurance.

They all think the market has huge potential.

“We’ve seen an explosion of interest from our brokers and agents, and from financial advisers,” says Anna Brusco of AIG’s private client group.

AIG and its peers have developed products that cover anything that could go wrong with a customer’s own IT systems. AIG’s cover ranges from data restoration after an attack to advice if the customer is a victim of cyber extortion or cyber bullying. It will also cover reputation management that will pay out on the cost of hiring a crisis consultant if compromising photos or texts are leaked from a hacked device.

Hiscox’s personal cyber insurance covers similar risks. “It is a service-driven proposition,” says Stephen Ridley, a senior underwriter specialising in cyber and data at Hiscox. As well as providing insurance, the company helps customers improve their personal cyber security. “We work with Dynarisk, an online risk management tool, which can provide an individual with a score and tips on how to improve it.”

The products go beyond the identify theft protection sold by Lifelock, a company that was bought by Symantec last year for $2.3bn.

Hiscox and AIG have aimed their personal cyber insurance at rich individuals, who may have a lot to lose if their systems are attacked.

“High-net-worth families and individuals take on commercial-type exposures,” says Jerry Hourihan, president of the private client group at AIG. “AIG has developed a well of commercial cyber expertise, and we are bringing that to [wealthy individuals].” AIG said its cyber cover would cost around 10 to 15 per cent of the cost of a home insurance policy.

Hartford Steam Boiler — which sells its product via other insurance companies — believes that its cyber policy, which costs as little as $30 per year, could have an appeal beyond the very rich.

“All the major homeowner [insurers] are anxious to provide some sort of cyber offering,” says Tim Zeilman, a cyber insurance specialist at Hartford Steam Boiler. “People seem to think that it is going to be a standard part of homeowner’s cover in the next five to 10 years.”

“People seem to think that it is going to be a standard part of homeowner’s cover in the next five to 10 years.”

Tim Zeilman, a cyber insurance specialist at Hartford Steam Boiler
While banks, retailers or credit card companies can sometimes be held responsible for losing their customers’ data, he says, they cannot be relied upon to cover the costs of everything that might go wrong. In cases of fraud and ransomware, for example, individuals might find themselves liable for the costs.

“Cyber is an easy thing to talk to, and to persuade people that they need because of the constant media attention,” says Mr Zeilman.

Not everybody is convinced that we should be buying our own cyber insurance, however. Josephine Wolff is an assistant professor at the Rochester Institute of Technology in the US. She says that, for most people, personal cyber insurance is not necessary.

“If you are a very high-net-worth individual, then it is possible that this would make sense. For other people the costs [of a cyber attack] are not so high.”

She adds: “It is very hard to put price tags on breaches, especially how they affect individuals. Most of the time the individuals are not on the hook — the charges are absorbed by banks, retailers or payment companies.”

She worries that, if personal cyber insurance becomes widespread, then it will send the wrong message to the companies who hold data, effectively discouraging them from investing in their own IT systems. She is also concerned about insurers paying out for ransom demands. “Systemically, it does not put in place the right incentives,” she says.

Despite those doubts, people involved with cyber insurance believe that in future it will be a regular purchase as homes become more connected.

“A typical home we insure has 20 devices that are WiFi enabled and vulnerable to hacking,” says Mr Hourihan. “It is our job to be on offence to help people understand what the risks are.”

Mr Ridley says that the key to the expansion of the personal cyber insurance will be finding the right routes to market. “If may be something to be bought alongside your bank account, just as you have accounts that include travel insurance,” he says.

“Insurance premiums are not going to be huge, so insurers will have to partner with banks and other consumer groups.”