Companies hit by cyberattacks will “raise the regulator’s eyebrow”
Article by Lucy Hook – Insurance Business Mag
22 Sep 2017
Organisations that fall victim to cyberattacks such as Petya, NotPetya and WannaCry are likely to attract the attention of regulators – and attacks are only going to continue, according to one cyber expert.
This week, FedEx revealed that the impact of the NotPetya cyberattack in June cost it £220 million ($300m) in first quarter earnings – a hefty price tag. The company’s TNT Express unit in Europe, which it acquired last year, was severely impacted operationally by the attack, which left it processing some transactions by hand.
Even in cases where there has been no major data breach, an event is likely to turn heads anyway, the director of cyber risk at ITC Secure Networking told Insurance Business.
“If you look at this specific instance, there was no evidence of data exfiltration there, it wasn’t a data breach in the traditional sense,” Gareth Lindahl-Wise said of FedEx’s experience.
“But from a regulatory perspective, if you see a company take a hit like that, you will raise an eyebrow and think – how well are you complying with the standards and expectations of how you manage yourself?” he explained.
Organisations that do fall victim to attacks may quickly see themselves “at the top of the wrong lists in a number of areas,” commented Lindahl-Wise. And with an overhaul of data protection laws fast approaching, the situation is only going to be magnified.
“In terms of the General Data Protection Regulation (GDPR) specifically, organisations will probably find themselves in the position of having an early visit from the regulator,” he said.
But alongside coming under the spotlight of regulators, being hit by an attack may invite the attention of less savoury players too. With attacks becoming more and more public, hackers and cyber criminals are easily alerted to the fact that a company’s security standards may not be up to scratch. In general, onlookers “will infer something about your state of security and your operations,” noted Lindahl-Wise.
And in the digital world, the ramifications of an attack extend way beyond the industry, the director explained. “We’re entering an age of trial by social media, where industry commentary on what happened to you will fuel a public reaction to it,” he said. “The implications will probably be felt quicker because of that more heightened sense of media and social media coverage.”