Posted on: 18 August 2022
As the surge in ransomware activity looks set to continue, Andrew Hill, Executive Director, Product Innovation Lead | Coverage Specialist, Cyber & TMT at global advisory, broking and solutions company WTW considers the trends, cyber security and why a strategic approach to cyber insurance is needed, writes in the below article.
A good year for the bad guys
If the individuals behind ransomware attacks were running legitimate businesses, they would likely be feeling pleased with their recent results and forecasting a good 2022. The surge in ransomware activity, which has emerged as the dominant cyber threat in recent years, shows no sign of slowing down and continues to affect all business sectors across the global economy.
Ransomware trends generally
There are several trends that emerged in 2021 concerning ransomware activity which may give some insight into what the future holds. For example, according to a recent study published by Palo Alto, the average ransom demand rose to USD5.3m in the first half of 2021, representing a 518% increase on the previous year1. Meanwhile, in another study by Coveware, the average downtime for a business affected by ransomware in Q2 of 2021 was 23 days2 following an attack.
Ransomware trends for ports and terminals
Generally speaking, criminals using ransomware focus their efforts on where they are most likely to secure payment in return for those ‘efforts’. Recent events might suggest that, for the more entrepreneurial criminal at least, attacks against critical infrastructure might offer greater prospects of a return because of the importance such operations serve to the global economy3 and, so the theory goes, are more likely to pay up.
Ports and terminals in focus – ransomware attacks
This, arguably, makes operators of ports and terminals an attractive target for criminals. The following are just some of the recent ransomware incidents reported in the press which have impacted operators of ports and terminals:
- Port of Cape Town – July 2021
- Port of Kennewick – November 2020
- Port of San Diego – September 2018
- Port of Barcelona – September 2018
- Long Beach Terminal – July 2018
Ports and terminals in focus – cyber espionage?
The supply chain is a fragile process in which ports and terminals play an integral role. It follows that any disruption to a port’s or terminal’s operations can have significant consequences. This makes ports and terminals susceptible to cyber criminals intent on causing widespread disruption. While financial gain is a common objective for cyber criminals, there have been incidents which suggest a political motivation e.g. causing economic instability within a nation state by targeting cyber-attacks towards operators of ports and terminals.
Cyber incidents affecting ports and terminals where there has been a suggestion of political interference include:
- Several oil terminals in northern Europe – Jan/Feb 2022
- Shahid Rajaee port terminal (Iran) – May 2020
Nick May, Client Relationship Director, Ports and Terminals at WTW notes that “we have witnessed, with the advent of COVID-19, how fragile the global supply chain can be. Ports are integral to this. It is safe to say that, based on the reported incidents we’ve seen, cyber risk presents a significant threat to a port’s ability to provide a service critical to the global economy.”
Maritime cyber security – under greater regulatory spotlight
Cyber security requirements for operators of critical infrastructure such as ports and terminals are also being revised and bolstered by regulators. In Singapore, home to one of the world’s leading and busiest ports, for example, the government announced in March this year new initiatives4 to enhance the cyber resilience of Critical Information Infrastructure (CII) sectors, which includes maritime. These initiatives include a review and enhancement of the Cybersecurity Act and Cybersecurity Code of Practice, the regulatory frameworks outlining mandatory cyber hygiene practices and processes which CII owners must adhere to. This increased governmental focus reflects the need for elevating the state of cybersecurity for Operational Technology CII in light of the current risk landscape, namely, ransomware which has evolved into a major and systemic threat to national security and critical services.
Cyber security – the first line of defence
Given the events currently being witnessed, it is unsurprising, perhaps, that those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks. All too often however, insufficient focus has been placed on network controls, i.e. the asset that requires protection, before seeking insurance. This potentially creates issues, principally that insurance is unobtainable or can only be purchased in return for a considerable premium.
those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks.
Dean Chapman, Lead Cyber Risk Consultant at WTW GB, says that “given the exponential rise in ransomware activity globally, cyber insurers absolutely do not want to be brought in by organisations who consider cyber insurance to be part of their first line of defence. Those insurers will want to be satisfied that a full assessment of cyber risk has been undertaken prior to engagement in the risk transfer process. Our team’s focus is to work with organisations to ensure that cyber risk is managed in a way that never loses sight of the business’ wider objectives while, where appropriate, getting clients ready for the cyber insurance placement process, thereby maximising the prospects of a successful outcome.”
Cyber insurance – being strategic
The rise in claims activity, primarily brought about by ransomware, means that in many cases, engagement with cyber insurers requires a more strategic and considered approach than might have been deployed in a less challenging marketplace. As Sam Lucock, WTW’s lead broker for ports and terminal’s cyber solutions observes, “going to market prematurely with a risk profile that falls below insurers’ expectations can have far-reaching consequences for clients. A detail-oriented approach at the beginning of the risk transfer process may bring its rewards. Understanding the full scope of a client’s digital assets beyond binary questions in a proposal, allows us to present a prospect to insurers in the strongest light possible.”
Continue to read the article in full here.
Earlier in the year, WTW launched CyNav, a cyber solution designed to address the specific cyber threats faced by ports and terminals, for more information watch this video here.