WannaCry: Lessons Learned and Implications

The recent large-scale WannaCry attack underscored the financial and businesses disruption harm that cyber-attacks can cause. This pandemic cyber-attack, which highlighted the increased use of criminal ransomware and the proliferation of military-grade cyber weapons, serves as an opportunity to recognize the following:

  • The risk of cyber-caused business interruption (cyber BI) is growing, and demands more attention from business leaders and risk professionals.
  • Large-scale, global cyber-attacks will continue to occur and emerge without notice.
  • Even relatively unsophisticated attacks can cause significant financial damage under the right conditions.
  • More extensive attacks leveraging more powerful cyber weaponry should be expected.
  • Routine cybersecurity "blocking and tackling" activities - including software patching, employee cybersecurity training and awareness, cyber incident response planning and other basic hygiene activities - are essential to reducing risk, yet often get insufficient attention.
  • No organization or industry is immune to the threat of a cyber-attack.

To minimize potential disruptions in advance of the next pandeming cyber-attack, companies should review their cyber risk management strategies and make any necessary adjustments. This includes reassessing cyber BI exposures, reviewing and updating cyber insurance programs, and taking active steps to build cyber resilience.

Download the attached briefing, which was prepared by Marsh's Cyber Practice and Marsh Risk Consulting's Cybersecurity Consulting and Advisory Practice.