The attack, which made waves on Friday, spread to 150 countries and more than 200,000 computers. Five businesses in Australia are confirmed to have been impacted by the attack, according to reports.
The ransomware attack exploited a vulnerability in Windows computers, which could have been blocked by ensuring computers were up to date with security patches, and assistant minister for cyber-security Dan Tehan said the attack should be a wake-up call to business owners.
“All businesses should immediately update their Windows operating system with the latest security patches and there are instructions on the ACSC [Australian Cyber Security Centre] website to do this,” Tehan said, according to news.com.au.
“This ransomware attack is a wake-up call to all Australian businesses to regularly backup their data and install the latest security patches.”
Meena Wahi, a specialist cyber broker and director of Cyber Data-Risk Managers, told Insurance Business that the attack highlights the need for better risk management around cyber as the ransomware could easily be defended against.
“There has to be governance around security and there has to be risk management,” Wahi said. “Cyber insurance does not bypass all of that and just transfer risk.”
Wahi noted that impacted businesses may not be covered under a cyber insurance policy as many insurers could deny claims based on a lax or negligent risk management strategy.
Leo Demer, CEO of JLT Australia and New Zealand, called on organisations to be more vigilant in how they manage information and protect their data.
Demer stressed that as businesses harness changing digital platforms, they have to plan for the worst.
“Response to cyber incidents is critical,” Demer said. “Cyber risks and incident response should form a key component of an organisation’s business continuity and disaster plan.”
While only a handful of Australian firms were impacted by this global attack, Wahi noted that if a business falls victim to a cyber attack, the best thing to do is to notify an insurance claims team as soon as possible as forensic teams can help isolate the incident and work on a response.
Meanwhile, as the victims of the attack continue to count their losses, cyber security vendors could find themselves in the limelight for failing to secure businesses.
“The security vendors need to look at their own professional indemnity insurance because they may be held liable,” Wahi continued.
Fitch warns of financial services cyber risk
Australia and China joins forces against cyber threats
A massive cyber attack which spread across the globe is a wake-up call to all businesses to boost their mitigation and insurance efforts, an expert has said.