Nearly hundred nations, including India were hit by what it was believed to be one of the biggest ever recorded cyber-attack that used ‘cyber weapons’ stolen from the USA’ National Security Agency to lock computers for ransom.
Officials throughout the world scrambled to catch the culprits behind a large ransomware worm, “WannaCry”, which interrupted operations at different locations, including hospitals, shops, and schools. Ransomware— a type of malicious software designed to block access to a computer system until a ransom is paid, is believed to attack hundreds or thousands of computers across the globe. India was among the top three nations worst hit by the attack.
There has been an exponential rise in the number of cyberattacks as Indian companies have been hit again and again by computer viruses.
Here are some of the businesses which can be attacked by cybercriminals:
- Banks= Undeniably, it tops our list. Thanks to the demonetization move of our honorable Prime Minister, Mr. Narendra Modi, there has been a spurt in the number of people using the online banking system. According to Law and IT Minister, Mr. Ravi Shankar Prasad, digital transactions have increased in the range of 400 to 1,000% in the country since demonetization. However, this rise has also resulted in the increase in cyber-attacks. In one of the possibly biggest ever breaches of financial data, around 3.2 million debit cardholders of different banks, like SBI, HDFC, ICICI Bank, Yes Bank, etc.; were severely hit by cyber-fraud when their ATM details were compromised. In most of the cases, banks either had to ask users to change their security code or replace it with new cards.
Overall, banks are exposed to various types of cyber risks, ranging from the actual monetary loss, securities, liabilities arising from third-party data to loss of material data, vandalism of websites or mobile application, ATM rollback and other expenses like data restoration.
- Multinational corporates= While, the internet has simplified the business activities, it has also become prey to cyber-attackers who are violating the company’s system to extract confidential data, including project details, client’s information, product information, company’s future plans, etc. Other cyber risks include disclosure of confidential information that could result in allegations or defamations.
- Hospitals= With the rise in the growth of electronic record keeping and digital communication, it is obvious for hospitals and other healthcare facilities to collect a great deal of confidential information about their employees, procedures, patients, research, and financial status. Most of this vital information is collected, stored, and transmitted to computers, which are then digitally transmitted to other networks both internally and externally.
Breaching the integrity of computers with firewalls or virus is possible. A breach can happen even from simple mistakes like misplaced laptop, unprotected backup media, etc. Such kinds of breaches entail a large-scale theft, pilferage, and fraud of sensitive medical data. Fraudsters use names, date of birth, policy number and billing information to create fake IDs to purchase medicines which they resold. In some cases, they falsely use the information to file fake insurance claims. Sadly, medical identity theft is often not immediately recognized by a patient or hospital, which make medical data more valuable than debit/cards, which tend to be quickly cancelled by a bank once the fraud is detected.
In addition to the above, companies with large technology related and Internet-related operations and those organisations which store a vast quantity of data are also facing the cyber security threats. Moreover, it is not only big companies that are dealing with internet attacks, but in fact various mid-and small level companies are also vulnerable to these risks. In short, cyber crimes are prevalent in all those companies which are using the internet and technology as a part of its business.
There has been a rise in ransomware cases over the last few years. Today, cybercriminals have become tech-savvy and each ransomware has its unique way of encrypting machines. In fact, cyber attackers are leveraging the fact that the Indian government is pushing to make all the information available online.
Sadly, organizations consider their approach towards cyber security only when a ransomware hits them. Moreover, it is not only the outsiders who breach the privacy, but employees are also sometimes invaded the company’s IT security. Whether it is a targeted attack, an insider attack or a criminal fraud targeting websites, data breaches are on the rise, which ultimately leads to catastrophic effects on an organization’s brand and reputation. This is where, the need for a cyber risk liability insurance policy arises. As businesses are becoming more resilient on the internet and advanced technologies, it makes complete sense to go with a cyber risk insurance policy which will offer coverage against impaired access liability, unauthorized access, tampering of facts, invasion of confidential data, cyber extortion, terrorism threat, etc.
Mainly, it is not only about checking off a box, but finding a policy that completely insures the organization’s brand and operations, if there is a breach. Therefore, it is the high time that an organization starts developing a sophisticated information system and back it up with a cyber risk liability insurance policy to ensure the security of confidential information, content, and knowledge.