Cybersecurity experts warn that contractors with weak cybersecurity measures may be denied insurance unless they implement stronger safeguards.
Infrastructure management company in December 2021 Amei was hit by a cyber attack After a hacker uses ransomware to access a document containing communications with a leaked government agency online.
This was the latest cybercriminal target in recent years on the list of companies such as Interserve, Bouygues UK and Bam Construct.
Following a series of attacks, James Griffiths, technical director of Cyber Security Associates (CSA), said insurers have become more selective in providing cyber insurance to contractors, with inadequate online protection. He said he was rejecting the insurance company.
Griffith revealed that changes in insurer behavior have affected some “major construction companies” and increased investment in cyber defense systems to protect themselves and their staff.
Warning that the next major attack is a “time issue”, he warns contractors of all sizes to check and improve online safeguards, anticipate their business and prevent them from being rejected by insurance companies. Encouraged that.
Griffith said CN: “Currently, insurance companies have been forced to pay insurance claims for the past three to four years, which puts a heavy burden on them. [after attacks, some are not insuring] The company they would have had in the previous year.
“Many insurance companies are currently receiving advice from cybersecurity experts. [asking them] What they should ask […] Before they take on the customer.And now they are starting to find companies that they insured 15 or 20 years ago, unless they put them in place. [cyber defences] You cannot be insured because it is in place. “
The CSA technical director said he saw an example of a company that was denied cyber insurance because it did not meet the minimum requirements of an underwriter.
“They didn’t insure them because the risk was too great,” Griffith said.
According to a March government report, construction companies were one of the group of companies most unlikely to have certain cyber protection rules or controls in place. Countermeasures may include up-to-date malware protection, policies that guarantee strong passwords, or data backup via cloud services.
The Cyber Security Violation Investigation 2022 The paper also found that construction companies are one of the least likely to have carried out activities to identify cybersecurity risks in the last 12 months.
Griffith suggested that some contractors historically paid more attention to health and security than cybersecurity, but emphasized that it can no longer be ignored and provided recommendations.
He states: Therefore, make sure it is turned on and applied by all third parties and applications you use.
“monitoring [is also important], And identify what’s happening on your network or company device. It’s useless to have all of this. [protections] It’s in place and doesn’t really monitor or warn about these things that are happening, “he added.
According to official government statistics, 39% of businesses have identified cyberattacks in the last 12 months until March, with the most common threats being phishing attempts (83%). The average cost for medium and large enterprises was £ 19,400.
Within 4 months of 2020, major contractors Bouygues UK, Bam and Interserve Everyone was the victim of a malicious attacker targeting the system. RMDKwikform, a subsidiary of Interserve, was also targeted in November 2021.
Insurance companies refuse to cover contractors with inadequate cybersecurity
Source link Insurance companies refuse to cover contractors with inadequate cybersecurity