If the individuals behind ransomware attacks were running legitimate businesses, they would likely be feeling pleased with their recent results and forecasting a good 2022. The surge in ransomware activity, which has emerged as the dominant cyber threat in recent years, shows no sign of slowing down and continues to affect all business sectors across the global economy.
There are several trends that emerged in 2021 concerning ransomware activity which may give some insight into what the future holds. For example, according to a recent study published by Palo Alto, the average ransom demand rose to USD5.3m in the first half of 2021, representing a 518% increase on the previous year1. Meanwhile, in another study by Coveware, the average downtime for a business affected by ransomware in Q2 of 2021 was 23 days2 following an attack.
Generally speaking, criminals using ransomware focus their efforts on where they are most likely to secure payment in return for those ‘efforts’. Recent events might suggest that, for the more entrepreneurial criminal at least, attacks against critical infrastructure might offer greater prospects of a return because of the importance such operations serve to the global economy3 and, so the theory goes, are more likely to pay up.
This, arguably, makes operators of ports and terminals an attractive target for criminals. The following are just some of the recent ransomware incidents reported in the press which have impacted operators of ports and terminals:
The supply chain is a fragile process in which ports and terminals play an integral role. It follows that any disruption to a port’s or terminal’s operations can have significant consequences. This makes ports and terminals susceptible to cyber criminals intent on causing widespread disruption. While financial gain is a common objective for cyber criminals, there have been incidents which suggest a political motivation e.g. causing economic instability within a nation state by targeting cyber-attacks towards operators of ports and terminals.
Cyber incidents affecting ports and terminals where there has been a suggestion of political interference include:
“cyber risk presents a significant threat to a port’s ability to provide a service critical to the global economy.”
Nick May | Client Relationship Director, Ports and Terminals, WTW
Nick May, Client Relationship Director, Ports and Terminals at WTW notes that “we have witnessed, with the advent of COVID-19, how fragile the global supply chain can be. Ports are integral to this. It is safe to say that, based on the reported incidents we’ve seen, cyber risk presents a significant threat to a port’s ability to provide a service critical to the global economy.”
Cyber security requirements for operators of critical infrastructure such as ports and terminals are also being revised and bolstered by regulators. In Singapore, home to one of the world’s leading and busiest ports, for example, the government announced in March this year new initiatives4 to enhance the cyber resilience of Critical Information Infrastructure (CII) sectors, which includes maritime. These initiatives include a review and enhancement of the Cybersecurity Act and Cybersecurity Code of Practice, the regulatory frameworks outlining mandatory cyber hygiene practices and processes which CII owners must adhere to. This increased governmental focus reflects the need for elevating the state of cybersecurity for Operational Technology CII in light of the current risk landscape, namely, ransomware which has evolved into a major and systemic threat to national security and critical services.
Given the events currently being witnessed, it is unsurprising, perhaps, that those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks. All too often however, insufficient focus has been placed on network controls, i.e. the asset that requires protection, before seeking insurance. This potentially creates issues, principally that insurance is unobtainable or can only be purchased in return for a considerable premium.
those responsible for risk within operators of port and terminals are increasing their focus on potential risk transfer options for ransomware and other cyber risks.
Dean Chapman, Lead Cyber Risk Consultant at WTW GB, says that “given the exponential rise in ransomware activity globally, cyber insurers absolutely do not want to be brought in by organisations who consider cyber insurance to be part of their first line of defence. Those insurers will want to be satisfied that a full assessment of cyber risk has been undertaken prior to engagement in the risk transfer process. Our team’s focus is to work with organisations to ensure that cyber risk is managed in a way that never loses sight of the business’ wider objectives while, where appropriate, getting clients ready for the cyber insurance placement process, thereby maximising the prospects of a successful outcome.”
The rise in claims activity, primarily brought about by ransomware, means that in many cases, engagement with cyber insurers requires a more strategic and considered approach than might have been deployed in a less challenging marketplace. As Sam Lucock, WTW’s lead broker for ports and terminal’s cyber solutions observes, “going to market prematurely with a risk profile that falls below insurers’ expectations can have far-reaching consequences for clients. A detail-oriented approach at the beginning of the risk transfer process may bring its rewards. Understanding the full scope of a client’s digital assets beyond binary questions in a proposal, allows us to present a prospect to insurers in the strongest light possible.”
1 Palo Alto Networks, August 2021. Extortion Payments Hit New Records as Ransomware Crisis Intensifies https://www.paloaltonetworks.com/blog/2021/08/ransomware-crisis/
2 Coveware, July 2021. Q2 Ransom Payment Amounts Decline as Ransomware becomes a National Security Priority
https://www.coveware.com/blog/2021/7/23/q2-ransom-payment-amounts-decline-as-ransomware-becomes-a-national-security-priority
3 CNBC, May 2021. Colonial Pipeline restarts after hack, but supply chain won’t return to normal for a few days
https://www.cnbc.com/2021/05/12/colonial-pipeline-restarts-after-hack-but-supply-chain-wont-return-to-normal-for-a-few-days.html
4 CSA Singapore, March 2021. Review of the Cybersecurity Act and Update to the Cybersecurity Code of Practice for CIIs
https://www.csa.gov.sg/News/Press-Releases/review-of-the-cybersecurity-act-and-update-to-the-cybersecurity-code-of-practice-for-ciis
5 The Guardian, October 2021. Ransomware attacks in UK have doubled in a year, says GCHQ boss
https://www.theguardian.com/uk-news/2021/oct/25/ransomware-attacks-in-uk-have-doubled-in-a-year-says-gchq-boss
Willis Towers Watson offers insurance-related services through its appropriately licensed and authorised companies in each country in which Willis Towers Watson operates. For further authorisation and regulatory details about our Willis Towers Watson legal entities, operating in your country, please refer to our Willis Towers Watson website. It is a regulatory requirement for us to consider our local licensing requirements.