The health system’s problem has morphed into a social problem – and also one for your organization. In an interconnected world, business leaders must look at risk holistically and build resilience within their organizations to the impact of a cyber-attack on critical infrastructure.
The Global Risks Report (GRR), published by the World Economic Forum (WEF) in collaboration with leading institutions such as Zurich Insurance Group, identifies cyber-attacks and data fraud/theft as two of the five main risks facing business in terms of perceived likelihood this year. The report also warns that the growing interconnectedness of the world means that what were once distant problems can now escalate and reach our doorsteps extremely quickly.
A frightening example of connectivity lifting cyber risk to a new level occurred in May 2017, when the WannaCry ransomware attack froze 300,000 computers in more than 150 countries. Hospitals and general practices in the UK’s National Health Service (NHS) were affected: patient records were locked, ultimately leading to the cancellation of 6,900 appointments.
Lori Bailey, Global Head of Cyber Risk, Commercial Insurance at Zurich Insurance Group, calls this a “pivotal point” for cyber-based claims because of its high cost – and the type of claims we might see in the future.
“What made WannaCry so unusual was that it didn’t affect just one industry or one specific size of company; it actually exploited a vulnerability in an operating system that many different companies used,” she says.
Paige H. Adams, Group Chief Information Security Officer, Global Information Security, Zurich Insurance Group, says that increasing cyber dependency globally coupled with the ease of access to sophisticated hacking tools is a dangerous mix.
“This accessibility, combined with the low risk of getting caught or prosecuted for cybercrime activity, results in a low risk/high reward scenario for cybercriminals, which is serving to increase the frequency of these activities. The effectiveness of cyber risk policing is hindered by a lack of international agreements and legal frameworks on global crime,” Adams says.
Although no NHS medical records were compromised by WannaCry, ransomware presents a particular concern to healthcare and financial institutions because of the sheer volume of sensitive personal data they hold. Crucially, the attack highlights how dependent any organization’s operations are on critical infrastructure, and how fragile that infrastructure is.