In May 2019 a ransomware attack largely compromised the servers of the American city of Baltimore, Maryland, using a new strain of ransomware called RobbinHood. Baltimore became the second U.S. city with a population of over 500,000 people to fall victim to ransomware in two years, after Atlanta was attacked the previous year (BBC, 2019 / USA Today, 2018).
Ransomware is a type of malicious software developed by those with criminal intent. If downloaded into IT systems, the software is programmed to lock a target’s computer or network, blocking access to important systems and data. The threat usually contained within ransomware attacks is that the locked information will be irrevocably damaged or destroyed if the demand is not met within a prescribed timeframe.
Ransomware demands tend to be relatively small in comparison to the financial standing of the target organisation; the sum involved in the Atlanta attack was reported to be $51,000 (O’Donnell, L. 2018). The costs of coping with an attack and restoring systems, however, can be significant: it is reported that the WannaCry attack in 2017 cost the NHS around £92m (The Telegraph, 2018).
Specific targets for this new wave of ransom attack are large public service providers such as universities, hospitals and police departments; organisations that have large incomes, but no scope for going off-line for days or weeks to invoke structured IT disaster recovery procedures.
But the major significance of ransom attacks in the public sector is the immediate disruption caused to municipal services as residents may not be able to access important information, pay taxes, fees, or fines online, report potholes or make complaints via the organisation’s website. The financial consequences of a cyber-attack can be far greater than the ransom demand.
Events such as these serve as reminders of the need to robustly protect our organisations from the continuing threat posed by the methods of modern-day criminality.
Research by the insurer Hiscox suggested that 55% of UK firms had experienced a cyber-attack in 2019, up from 40% in the previous year. It also reported that average losses from breaches soared from $229,000 to $369,000, an increase of 61% (BBC, 2019).
Under the General Data Protection Regulation 2018 (GDPR), all UK companies, including local authorities, are required to report data breaches to the Information Commissioner’s Office (ICO) within 72 hours. Failure to do so can result in heavy fines and penalties.
Gallagher Bassett has a partnership arrangement with Broadgate Consultants for the provision of a Cyber Risk Health Check. This service falls outside of the elective day’s arrangement and a fee is payable for it. The Health Check provides clients with a brief review of their current cyber protection levels and with recommendations to strengthen their cyber resilience. The Health Check itself will be a blend of meetings, an online assessment, a review of existing documentation and a final report presentation.