Hot on the heels of Friday´s meltdown from the WannaCry ransomware the World is now told by security experts to expect a renewed assault as early as Monday 16th May.

The potential appears to be twofold. Firstly, as computers are switched on for the first time from Friday´s attack there is a likelihood that the ransomware will be activated on some of these machines. Secondly, the quick fix from MalwareTech to activate a kill-switch may not be the long term solution. From his twitter account MalwareTech said hackers could upgrade the virus. “Version 1 of WannaCrypt was stoppable but version 2.0 will likely remove the flaw,” and “You’re only safe if you patch ASAP.”

Albion´s advice to clients in the short terms is to update Windows, update antivirus and malware software, back up your system and don´t click on links within email unless you are certain that all is well. Do the basics well and you should see this out. In the medium to long term look at your ERM approach and evaluate risks within the context of the entire business including your supply chain and service providers. Do not just consider this an internal IT problem.

Commercial Insurance Limitations

Take time to examine your commercial cyber insurance policy. There are limitations and exclusions you need to be aware of. As mentioned in previous blogs there can be some sneaky exclusions when it comes to downloading, file sharing and security deficiencies. Do not assume your commercial cover will protect you. Before you have an issue, speak with your insurance agent and make sure you fully understand what is covered and more over what is not.

Captive Risk Pools - Potential For Aggregate Losses

The systemic nature of this cyber attack has some captive risk pools concerned about the aggregate exposure that they may face from cyber attacks. It maybe easy to pay the ransom this time but the next attack may be more serious with insurers facing multimillion dollar losses.

For risk pools clients who employ enterprise risk management the issues may be limited. For those pools that willingly accept risk irrespective of the insured´s approach to risk the exposures may be chilling.

Obviously, there are things that can be done for the risk pools such as reminding clients what to do for basic risk management or purchasing reinsurance. However, much of the actions will be reactive to the wake up call from WannaCry.

ERM coupled with a captive insurance approach is considered to be one of the best ways to control your companies risk exposures but if the captive pools risk with others they may be throwing the baby out with the bathwater. Captives should employ their own risk management and fully investigate a pooling facilities corporate governance before joining.

Albion Risk Consulting, S.A.