JBS Foods, the world’s largest meat processing company, has just agreed to pay a $14.2 million ransom to a Russian-speaking criminal ransomware gang, REvil.
According to ABC News, the five-day cyber hack resulted in the company temporarily having to halt some of its operations in the US, Canada and Australia.
JBS Foods engaged the Federal Bureau of Investigation, advisors and cybersecurity experts to negotiate terms with the hackers. It was reported by NBC News that although JBS Foods was able to get most of its system running without the help of REvil, it ultimately chose to pay the ransom to keep client data safe.
As quoted in an article by WSJ, JBS Foods CEO Andre Nogueira said, “We didn’t think we could take this type of risk that something could go wrong in our recovery process…It was insurance to protect our customers.”
The ransom was paid using cryptocurrency – a common form of payment used for cyber ransoms.
JBS Foods is just one of many companies already affected by cyber attacks – for example, this year alone, we have seen damaging cyber attacks on the US Colonial Pipeline, the Nine Network, Microsoft and Levitas Capital among several others.
According to the ASCS annual threat report, “Many of the methods used by cybercriminals to steal personal and financial information can be easily mitigated through measures such as not responding to unsolicited emails and text messages, implementing multi-factor authentication and never providing another party with remote access to your computer. It is critically important that individuals and businesses understand the cyber threat and are taking active steps to mitigate the risks.
This being said, this recent dilemma faced by JBS Foods is further evidence that in a global and highly digital economy, there is no avoiding the risk of cyber attacks – no matter the size of your company, talent of your tech team or sophistication of your cyber security measures.
It is advisable to protect your company against cyber attacks as much as appropriately possible, but at the same time understand that the increasing sophistication of cyber criminals still exposes you to cyber risk.
Cyber Insurance, or Cyber Risk Insurance, is a way to safeguard against such risks. The right Cyber Insurance policy can protect you against the financial losses involved with:
- Hacking attacks
- Cyber Theft from fraudulent representations
- Malicious code or malware
- Denial of service (DDoS) attacks on your operating system
- Industrial espionage
- Identity or data theft
- Loss of your profits / revenue as a result of having your digital network compromised
- Losses payable to others including third parties such as customers, clients, suppliers and any other party who has had their right to privacy breached.
- Additional expenses required to manage a cyber event response. This can include legal costs, crisis management costs, notification costs and forensic IT costs to establish the cause of the breach and a remediation plan.
As you can see in the above list, the coverage you can obtain through a good Cyber Insurance policy can be comprehensive.
If you would like to discuss how to invest in Cyber Insurance for your own organisation, or would like to update your existing policy, please do not hesitate to get in touch.
This article was written by Tony Venning,
Managing Director at Crucial Insurance and Risk Advisors.
For further information or comment please email email@example.com.
Important Disclaimer – Crucial Insurance and Risk Advisors Pty Ltd ABN 93 166 630 511. This article provides information rather than financial product or other advice. The content of this article, including any information contained on it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.
Information is current as at the date articles are written as specified within them but is subject to change. Crucial Insurance, its subsidiaries and its associates make no representation as to the accuracy or completeness of the information. All information is subject to copyright and may not be reproduced without the prior written consent of Crucial Insurance.