Asian companies see little need for insurance against cyber attack, with less than 20pc insured

Companies in Asia lag behind those in the US in cyber insurance coverage, even as global awareness has been raised in the wake of cyberattacks such as ransomware WannaCry last year, according to FM Global, a mutual property insurer based in Rhode Island, New England.

Less than 20 per cent of companies in Asia are insured against cyberattacks, while around 66 per cent in the US have purchased protection, FM Global’s vice-president and manager of cyber risk insurance products Grace Ries said.

Cybersecurity complaints rose to a record high last year amid an 80 per cent rise in malware attacks, according to the Hong Kong Computer Emergency Response Team (HKCERT), the city’s information security watchdog. It also warned that malware attacks such as WannaCry will continue to surge this year.

The ransomware which was detected in May affected more than 400,000 machines in 150 countries, including the UK’s National Healthcare System and Spain’s largest telecoms company Telefonica. WannaCry encrypts files on computers running the Microsoft Windows operating system, making them impossible for users to access, then demands a ransom payment in bitcoin.

“Finding solutions [for cyberattacks] is still in a growth phase in Asia,” Ries said. “But awareness is on the rise.”

On Wednesday, Hong Kong Broadband Network, the city’s second largest fixed-line residential broadband service provider, said personal data of some 380,000 customers was compromised due to unauthorised access to its database. Information relating to around 40,000 credit cards may have been leaked, according to reports.

Across the globe, there were around 53,000 cybersecurity incidents and 2,216 confirmed data breaches last year, according to the 2018 Data Breach Investigations Report by US telecommunication giant Verizon. Around 40 per cent of the incidents were Denial of Service (DoS), which involves cyber criminals using hijacked and virus-infected devices to overwhelm and dysfunction targeted websites with data requests.

In 2003, FM Global included DoS to cover the non-physical damage caused to computer systems, as part of the insurer’s property insurance package, Ries said.

Another trend in cyber insurance is to include cloud coverage, amid growth in the number of companies relying on cloud computing solutions.

“[Cloud computing] now creates a different exposure to cyber risk since such service providers are out of their control,” she said.

Among industries, manufacturing companies are increasing buying cyber risk products to help protect against damage to factories that are increasingly reliant on the internet.

“Large pieces of machinery equipment, such as boilers, conveyor belts – even robots that manage warehousing – are connected to the internet,” Ries said.

She also cited the growing trend of the internet of things as a reason for companies to defend against cybercrimes.

“If hackers manipulate the temperature of the boiler from 100 Celsius to 400 Celsius, a very simple manipulation, there will be a fire or explosion, which can take multiple devices and factories down at the same time, as they are all connected,” Ries said.

Meanwhile financial institutions, as well as companies involved in health care and education are prone to data breaches, which suggests they should get in front of the risks by actively finding loopholes in their computer system and repairing them, Ries said.

“Most loss is preventable, including cyber,” she said, adding that companies should adopt an offensive strategy to safeguard against hackers.