How WannaCry Impacts Cyber-Security Insurance | eWeek

WannaCry Ransomware Raises Stakes for Cyber-Security Insurance

WannaCry Ransomware
May 22, 2017
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The WannaCry ransomware worm has raised the level of awareness about ransomware among the general public and it is also a major event for the cyber-security insurance industry that aims to help indemnify organizations against financial losses.

The cyber-security insurance industry is a growing market, with forecasts predicting up to $5 billion in insurance premiums by 2020. The promise of cyber-security insurance is that in the event of a data breach, or ransomware event like WannaCry, organizations can make claims to help recover costs and remediate damage.

“The WannaCry worm is one of the most significant and virulent forms of malware ever seen and therefore the insurance industry is taking notice,” Pascal Millaire, vice-president and general manager for cyber-insurance at Symantec, told eWEEK

Symantec’s cyber-insurance business takes the company’s data intelligence and expertise in cyber-security and provides software for insurers to help understand cyber-risk. Millaire said that Symantec is also creating new products in partnership with insurance companies.

For insurers, the primary implication of WannaCry is not about any one individual single risk but rather as an aggregated risk.

“Insurers underwriting cyber-risk can handle ten loses or a hundred loses, but when there is a major systemic event that can lead to thousands or tens of thousands of simultaneous claims,”Millaire said. “At that point there are solvency issues that can threaten the future of an insurer.”

Symantec has a cyber-aggregation model for major events like WannaCry to help understand the costs that could face insurers. WannaCry is one of three examples that have surfaced in the last 12 months on large scale systemic cyber-risks. The other two events are the Mirai internet of things botnet attack in September 2016 and the Amazon S3 outage in February 2017.

“Fortunately each of the three events likely only had a modest financial impact on cyber-insurers,” Millaire said. “However insurers can no longer look at their portfolios and ignore the fact that there are hidden cyber-aggregation risks, regardless of whether the insurer is writing a specific cyber-insurance policy or other policies that might get triggered by a cyber-catastrophe.”


WannaCry Claims

Millaire said that some of Symantec’s clients are already processing insurance claims as a result of the WannaCry ransomware outbreak. However, he doesn’t expect  the number of claims to be extraordinarily high since WannaCry exploited a known vulnerability and there are strong security software barriers available to mitigate the risk. The WannaCry attack exploited a vulnerability in the Microsoft Server Message Block (SMB) service, that was patched with the MS17-010 advisory on March 14.

“The number of claims would likely be higher if an attack exploited a previously unknown vulnerability,” Millaire said.

In medical insurance, a cause of much public debate has been around the issue of pre-existing conditions. Whether or not a known vulnerability, that an organization has not patched, is considered a pre-existing condition, is also a subject of debate. Millaire added there is also debate around whether an un-patched system should be considered under a clause for errors and omissions in a cyber-insurance policy.

“Different policies will respond in different ways on what is covered and what is not,” Millaire said. 

While the WannaCry attack exploited a patched Microsoft vulnerability, the attack payload itself was ransomware, which is something that organizations can and do in fact buy cyber-security insurance coverage to protect against.

“Ransomware is one of the explicitly-covered events in many cyber-insurance policies,” Millaire said. “The issue however is the deductible.”

Millaire added the often the ransomware amounts are relatively low and it is only when there is some form of business interruption, notification costs or legal liability when coverage for ransomware attacks really kicks in.

Looking specifically at WannaCry, Millaire said that it’s to early to tell at this point if WannaCry will have an impact on cyber-insurance premiums in the months ahead.

“We do know that WannaCry has led to an increased interest in cyber-insurance purchases,” Millaire said.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.