4 min read

Coronavirus and Cyber Risks

Read more

By Pilar Rodríguez


Published 30 March 2020


The staggering advance of the coronavirus is not only having serious implications on health systems around the world, but cybercriminals are taking advantage of the pandemic to attempt to attack the IT systems of different organisations. Experts have already highlighted that email attacks related to Covid-19 have become the biggest hook for cybercriminals. For the time being, Covid-19 is being used to carry out the largest collection of types of cyber-attacks  seen in recent years.

The cybercriminals are not only focusing their campaigns on private companies, but they are also putting Spanish hospitals under pressure by taking advantage of the critical moment they are experiencing. In the last few hours, the Spanish National Police has warned of the "massive sending of emails to health personnel" containing "a very dangerous and malicious virus" that intends to "break down the entire computer system of the hospitals", as explained by the Deputy Director of Operations of the Spanish National Police, Jose Angel Gonzalez, at the daily press conference of the Technical Committee for the Management of the Coronavirus on Monday, March 23 2020.

The health sector is the most affected, but not the only one. As a result of the state of emergency, most companies have implemented teleworking measures which will undoubtedly pose a great challenge to companies, not only from an operational point of view, but also in terms of managing risks. Teleworking is a cyber-risk.

Millions of people are working from their homes and it is therefore critical that the networks are both operational and secure. Every day there are reports of increased "Phishing", cyber-attacks through emails that contain, for example, an attachment with a supposedly "useful guide to working from home" apparently sent by the IT department which, in reality, contains a malicious attachment that compromises the security of the computer systems.

Organisations are already experiencing increased traffic from remote access to the network. This leads not only to overloading systems, but also to accessing sensitive data and systems through unsafe networks or devices. In fact, the connection of employees to the network is taking place through Wifi connections that, in most cases, do not enjoy a level of security like that of fixed connections in the workplace. It is therefore necessary for the IT department to carry out monitoring and threat containment work in a radically different way.

The key is the ability to adapt and react to the circumstances at hand. In a physical office environment, a device can be quarantined by disconnecting it from the corporate network while appropriate research is being carried out. However, in a teleworking context, this action entails more difficulties. This is why, in a situation where workers are in a physical location outside the office, efforts will have to be doubled and IT staff made available to deal with an incident on the device where it has been initiated. If the incident is not resolved quickly and a shutdown is not made, there is a risk of malware spreading within the network.

From the point of view of cyber-risk insurance, the exposure of insurers to cyber-claims is, these days, much higher.

There are two major risks associated with cyber incidents: The breach of systems security and therefore the potential compromise of personal data; and the risk of business disruption. Both risks deserve the attention, but the possible business interruption derived from a cyber-attack is of special importance since it can have a big impact on the economic situation of the company.

In this case, the coverage of the cyber-risk policies that are most relevant are undoubtedly those covering  "first response services" and "business interruption".

The coverage of 'first response services' includes the services of computer experts for the identification of the incident, restoration of the computer system and its operational maintenance. This coverage has become even more important than usual.

However, the performance of these actions may encounter greater difficulties than usual as the vendors included in the panel of experts must be able to deploy such actions in a context where the affected system is at the user's home and without connection to secure networks. This poses a great challenge for insurers and their suppliers, who will be faced with an uncommon scenario and must respond with agility and efficiency.

Also, the "business interruption" coverage that aims to cover the decline in income derived from the cyber incident will be very relevant. In this aspect, we consider it essential to pay special attention to the fact that it will be necessary, when assessing the claim, to make a clear distinction between the loss of profit strictly derived from the cyber-attack and the loss of profit derived from the health crisis situation of the COVID-19. This will undoubtedly be another of the great challenges faced by insurers when dealing with a cyber-incident.