A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 12 April 2017
Welcome to the latest edition of our Cyber Insurance newsletter. This month we'll be considering:
We also bring you a link to a short video about why businesses need cyber insurance, produced by Lloyd's as part of their cyber insurance summit, and a list of forthcoming cyber focussed events taking place in London and the US.
Before we get to this month's news, we would like to ask for a few moments of your time to make sure you register your vote in the Advisen Cyber Risk Awards 2017. The Cyber Risk Awards are in their fourth year, but the Cyber Law Firm of the Year is a new award recognising innovation and excellence in the provision of Cyber Insurance Law services. This year we have been nominated for Cyber Law Firm of the Year and we are up against some tough and worthy competition.
We would also like to take the opportunity to personally invite you to our upcoming “Creating an Inclusive Workplace” event in the Old Library at Lloyd’s on 24 May. Please do pop along and join us at this networking opportunity. You can find out more here.
A recent report by the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) (the "NCA Report") described the cyber-threat to UK business as "significant and growing". 65% of large UK firms detected a cyber security breach in the past year according to the government's Cyber Security Breaches Survey 2016 (the "Cyber Survey"). Against this background, cyber security combined with effective risk management, is a key priority for businesses in 2017.Three factors contribute to this increased threat of cyber-attacks. First, the Internet of Things (IoT) and the progression towards an ever increasing number of internet connected devices provides hackers with more attack vectors than ever before. Secondly, hackers are learning from each other and sharing their knowledge. Thirdly, the technical expertise required to carry out cyber-attacks is declining, as DDoS (distributed denial of service) and malware can easily be obtained on the dark web.
Industrial connected devices are a prime target for attackers. Not only can they steal intellectual property or collect competitive intelligence but they can also disrupt critical infrastructure on a large scale. An attack on Ukranian energy distribution companies in 2015 resulted in electricity outages for approximately 225,000 customers. This attack was achieved by spear-phishing emails with malicious Microsoft Word attachments containing BE3 malware.The malware was used to gain access to the business networks of the electricity supply companies and disconnect electricity substations. This exemplifies the very real impact cyber-attacks can have on industry on a large scale, and the NCA Report predicts that such attacks will increase in 2017.A recently published report by Lloyd's, "Future Cities: Building Infrastructure Resilience", highlights the rise of smart technology for city infrastructure and how critical economic and financial services rely on such technology. This presents the very real threat of cyber-terrorists targeting ICT systems to harm or shut down critical national infrastructures. Attacks of this kind can clearly have a devastating impact on local and global economies.
As devices become increasingly internet-enabled and accessible, their security measures continue to lag behind. As we have seen with the recent CloudPets breach, many products have inadequate security software and are vulnerable to being accessed remotely. Botnets are increasingly being used to mount DDoS attacks on insecure internet connected devices, such as webcams, digital video recorders (DVRs), CCTV and smart meters.The NCA Report refers to the fact that the Shodan search engine (a search engine that lets a user find specific types of computers that are connected to the internet) reveals more than 41,000 units of one insecure model of DVR were connected to the internet in January 2017.The DDoS attack on Dyn in October 2016 provides an illustration of the widespread impact of these attacks. Multiple DDoS attacks targeted systems operated by Dyn causing major internet platforms and services to be unavailable to large numbers of users across Europe and North America. The attack affected a vast amount of services from Amazon and Twitter to Netflix and Spotify. It is believed the activities were executed through a botnet consisting of a number of internet connected devices which had been infected with the Mirai malware (the "Dyn Attack").The significance of the Dyn Attack is that the hackers targeted part of the Internet's domain name infrastructure ("DNS"). DNS providers operate by translating human readable domain names into IP addresses, helping users find the websites they are looking for. The NCA Report highlights that that we should be prepared to see more such attacks, possibly on a larger scale, and potentially targeting website hosting and database servers.
DAC Beachcroft's Head of Cyber & Data Risk, Hans Allnutt, was delighted to support Lloyd's cyber insurance summit and to feature in its new video on cyber security, alongside Inga Beale, CEO of Lloyd's, Baroness Neville-Jones, Former Minister of State for Security and Counter Terrorism and other experts. To watch the video, which explains why businesses should be looking at cyber insurance, click here.
Click the below headings to find out more about these events...
Net Diligence Cyber Risk Summit, London, 9 May 2017Head of Cyber & Data Risk, Hans Allnutt, is an advisory chair and moderating a session on GDPR at the Net Diligence Cyber Risk Summit in London tomorrow.
Net Diligence Cyber Risk & Privacy Liability Forum, Philadephia, 5-7 JuneHead of Professional Liability, Patrick Hill will be discussing "GDPR – Is international compliance illusory?" at 11.30 on 6 June.
Net Diligence Conference, Santa Monica, 10-12 October 2017Hans Allnutt will speak on GDPR and European Cyber Developments in California in the Autumn. More information coming soon.
ABI 2017 Data Conference, London, 19 October 2017Emma Bate and Rhiannon Webster will present on the Internet of Things and GDPR at this one day event.
Click the below headings to read more on each of the developments...
Click the below headings to read more...
London - Walbrook
+44 (0) 20 7894 6925
+44 (0)20 7894 6577
+44 (0)20 7894 6930
Shehana Cameron Perera, Lorraine Ekong, Jade Kowalski, Rhiannon Webster, Ceri Fuller, Khurram Shamsee, Christopher Air, Sophie Devlin
Shehana Cameron Perera, Michael McMillen, Lorraine Ekong
Jade Kowalski, Shehana Cameron Perera, Rhiannon Webster
Aleksandar Dimitrov, Neal Pal
Rhiannon Webster, Charlie Christie
Michael McMillen, Rhiannon Webster, Ben Savery
Ceri Fuller, Khurram Shamsee, Christopher Air, Jade Kowalski, Sophie Devlin
Hans Allnutt, Patrick Hill, Laura Stewart, Lorraine Ekong
Lorraine Ekong, Hans Allnutt
Hans Allnutt, Camilla Elliot
Hans Allnutt, Patrick Hill
Hans Allnutt, Rhiannon Webster, Patrick Hill
Hans Allnutt, Rhiannon Webster