A global hacking campaign was announced by Microsoft on 2nd March where they stated a hacking group were using four never seen before hacking techniques to infiltrate email systems.
The attackers have targeted the Microsoft Exchange Server, used by businesses across the world.
Cyber security firm Eset has now said more than 500 email servers in the UK may have been hacked, and many companies are not aware they may already be victims of the attack.
We are following these developments very closely along with our partner insurers, and want to share with you what we know so far and how it may impact your business.
While the exploitation of these vulnerabilities may initially have been described as “limited and targeted”; experts are seeing “indiscriminate exploitation” of the vulnerabilities. Insurer AIG has already seen initial claims involving the alleged exploitation of these vulnerabilities.
Further, as of 8th March, patch rates are between only 50 & 75%. Experts around the world, including specialist cyber insurance teams, are concerned that ransomware actors may also start targeting these vulnerabilities. Even if organisations have recently patched, there remains a danger they were compromised prior to patching.
Cyber risks are an exposure that almost no business can escape
What is cyber insurance?
Cyber insurance (also known as cyber liability insurance or cyber security insurance) is designed to protect businesses against the financial loss resulting from a range of cyber threats and exposures, including cybercrime, data breach and system interruption.
What does cyber insurance cover?
Cyber insurance primarily protects businesses against business interruption and financial losses caused by cyber events, cybercrime, and privacy breaches.
A good cyber insurance cyber insurance policy will also provide access to technical resources including IT security experts, forensic investigators, lawyers and crisis communications specialists who will help you manage the situation and get back online as quickly as possible.
Who needs cyber insurance?
Nearly every business in the world has a cyber exposure – whether they operate online, send or receive wire payments or process sensitive data.
Even small businesses have a cyber exposure – in fact, over 60% of cyber attacks target SMEs.
What should I do next?
Firstly, if you are a Microsoft Exchange user, we strongly recommend that companies install all updates and patches as soon as possible, and ask your IT function/support to conduct an assessment to check for evidence of compromise.
And then, speak to your normal contact at Yutree about obtaining terms for cyber insurance. It is a key risk for many businesses and coverage is currently available at comprehensive and competitive terms.