Equifax hack acts as a cyber ‘case study’

by |
The recent hack on global credit reporting company Equifax can act as a case study for brokers and their clients on what to do, and what not to do, in the event of a cyberattack, an expert has said.

The hack, which was announced a month ago and was then said to have impacted 143 million people, has since been revealed to be worse than originally feared with a further 2.5 million people affected.

Meena Wahi, a specialist cyber broker and director of Cyber Data-Risk Managers, said that the hack and the fall-out following the breach – which has seen Equifax’s CEO retire and class action cases launched – could act as a “very typical” case study for brokers and clients.

“From an insurance perspective, I would urge my clients, especially businesses who don’t have insurance, to look at it as a case study,” Wahi told Insurance Business. “It is really an example that demonstrates no business can take cyber security lightly and, especially with larger enterprises, they are vulnerable on so many fronts.”

The attack came as Equifax failed to patch a vulnerability in its system, which was then exploited by unknown hackers. It took six weeks for Equifax to notify customers impacted as high-level executives sold off almost US$2 million in stock after discovering the breach in late July, before the firm went public with the news, according to The Washington Post.

Wahi said that the hack itself highlighted that businesses of any size cannot afford to let their guard down when it comes to cyber protection.

“You cannot think that you can relax on security and imagine that you will not have a data breach,” Wahi continued. “It highlights that a business their size didn’t have incident response planning and it highlights that, despite everything, a business can still make a stupid mistake and still have a data breach.”

Patch management has been to blame for several large scale cyberattacks so far in 2017, with both Petya and Wannacry earlier in the year exploiting similar vulnerabilities. Wahi said that brokers must ensure that clients keep up-to-date on their patch management or they could face a denial of claim.

“It can happen to any business, small or big,” Wahi noted. “Any website can get hit because they haven’t closed the vulnerability.”


Related stories:
Swiss Re looks at the expanding role of innovation in insurance 
Time running out to prepare for major cyber legislation

Corporate Risk & Insurance forum is the place for positive industry interaction and welcomes your professional and informed opinion.

Name (required)
Comment (required)
By submitting, I agree to the Terms & Conditions