- S&P Global reports says reinsurers were left wanting more despite global reinsurance pricing gains at January renewals
- Bloomberg Intelligence report indicates US BI claims trial cases direction
- Insurance Europe publishes response to EIOPA on a potential methodology for the inclusion of climate change in the Solvency II natural catastrophe standard formula
- Aviva announced its plan to become a Net Zero carbon emissions company by 2040s
- ABI comments on publication of Statutory Instruments to amend Civil Procedure Rules and introduce Whiplash Tariffs
- COVID-19 and sustainability will be key insurance themes in 2021, says GlobalData
- Whitespace joins forces with Verisk’s Sequel to accelerate digital transformation of the global specialty market expired
- Juniper Research suggests value of premiums generated by InsurTech platforms will exceed $556bn in 2025, from $250bn in 2020 expired
- Core Specialty partners with Duck Creek Technologies for increased speed to market and operational efficiency expired
- EIS partners with esure Group to expedite its digital transformation expired
- Sapiens CEO reports on financials expired
- SiriusPoint launches with over $3bn in capital expired
13th January 2021
The next pandemic-level threat? A global cyberattack predicts Databarracks
The world was unprepared for COVID-19 despite pandemics figuring prominently in the UK’s National Risk Register; we must not repeat the mistakes of 2020, says databarracks.
Despite prior warnings that infectious disease pandemics presented a high-impact threat, COVID-19 seemed to catch governments and companies off guard. For disaster recovery and business continuity expert Databarracks, a global cyberattack–such as on a major cloud provider–has the potential to impact organisations in a similar way. Better preparation for such an event is therefore vital.
Peter Groucutt, managing director at Databarracks, comments “In November, AWS experienced an outage affecting a number of companies using its services, including Adobe, Roku and Glassdoor. The disruption lasted several hours, bringing to light not only our reliance on cloud, but also the risks to businesses when these services are no longer available.
For context, Infectious disease pandemics have been in the top ten of the World Economic Forum’s highest-impact risks since 2018. They have also appeared as one of the likeliest threats in the UK’s National Risk Register, and in regional Community Risk Registers. Despite this, prior to COVID-19, the majority of organisations didn’t have a plan for how to respond to a pandemic 66% according to our Data Health Check). The reason we have Risk Registers is to identify the most significant threats to your organisation–so you can plan and prepare for them. From a Business Continuity point of view, COVID-19 is a wake-up call to revisit those lists to see if anything else is being neglected.
“A global cyberattack–like one affecting a major cloud provider–could have a similar impact. This pandemic has shown the greatest continuity challenge is when everyone is impacted at once. These crises affect not only your own operations but your customers and entire supply chain all at the same time.
We’ve not yet seen a successful cyberattack on a major cloud provider, but it is inevitable: the recent attack on SolarWinds is an example of how far-reaching an attack can be. The cloud computing market is an oligopoly owned by a few key players, namely AWS, Microsoft and Google. These services are very well defended, but they’re also a target, and if they do get hit, the knock-on effect for all the companies hosted on them will be severe and long-lasting. If the breach is severe enough, the impact could affect businesses around the world–like a WannaCry but without the killswitch. So how do we take the lessons from the pandemic and apply them to preparations for a major cyberattack?
Firstly, diversify your supply chain. Make sure you’re not dependent on a single geographic area: a state-level attack could severely impact a single country, so having an alternate supply increases your resilience. At a minimum, be able to run your IT from multiple Availability Zones, Regions or consider going further and using a separate cloud provider as a backup.
More significantly, think about whether you could cope without IT for an extended period. This is something businesses that have suffered ransomware attacks have learned. Could your organisation operate without IT for a month? What if the cyberattack in question affected a large number of businesses, or your customers and suppliers lost their IT too?
Technology has made businesses much more efficient by automating manual tasks. However, this has also meant we’ve lost a lot of the manual processes we used to revert to. We need to put some of these back in place in response to this threat. Manual alternatives–such as helping customers place orders when your website is down–will always be less efficient and more expensive, but they can keep you operating.
Business continuity and risk professionals can take one positive from 2020: when they speak now, the organisation will listen. Let’s learn the lessons of the pandemic and make companies more resilient.”
Databarracks Trends(2 articles)
Cyber Trends(1,047 mentions in Insurance Newslink)
Research, Publications and Surveys(5840)