WannaCry provides latest glimpse at nightmare cyber aggregation potential

CHICAGO—The WannaCry ransomware attack will likely be a manageable loss event for the insurance industry, but the event offers a new perspective on potential aggregation.

Though the worm known as WannaCry spread rapidly to about 150 countries starting May 12, the number of network computers infected and held for ransom is actually a small percentage of all possible global endpoints, according to Pascal Millaire, vice president and general manager at Symantec.

Millaire gave an impromptu presentation on WannaCry during lunch at Advisen’s Cyber Risk Insights Conference here.

“This may not be as bad as one might have thought,” he said. “This is a relatively good-news story.”

Scott Stransky, assistant vice president and principal scientist of research and modeling at AIR Worldwide, said he doesn’t “see losses adding to extreme amounts.”

Because the worm had a kill switch, WannaCry was stopped before it heavily affected the US, which buys more cyber insurance coverage than any other country by far. WannaCry was also poorly designed, Millaire said. In fact, the hackers didn’t automate payments, making it difficult to track who has forked over the ransom demand of $300 in bitcoin. Also, WannaCry took advantage of a vulnerability in older versions of Windows, for which Microsoft had issued a patch even for the no-longer-supported Windows XP.

But that doesn’t mean WannaCry is not important because it provides valuable insight into the insurance industry’s aggregation nightmares, Millaire said.