In May, the US city of Baltimore suffered from a major cyber attack. Since the attack began, the city's most important computers have not worked and social-critical functions have been down. Neither wages nor bills have been paid. The housing market in the city has also stood completely still as the hackers have locked access to property documents.
Today, just over a month later, the damage after the attack, which spread through a so-called ransomware, has been estimated to be $ 18 million. However, most functions are reported to work again.
We asked the cyber expert Rolf Rosenvinge, CEO of the consulting company Cyberinsights which, among other things, acts as support for corporate executives in cyber security issues, how common this type of attack is and how imminent the risk is that Sweden is affected in the same way.
"It happens every day"
"Cyber attacks of this kind occur more or less daily and what is reported by the media is unfortunately just the tip of an iceberg. It can be from teenagers who want to play organizations a leap to more organized crime that makes this professional, ”says Rosenvinge.
“What is clear is that many large organizations are not prepared. They find it difficult to detect the attacks, and once they do, they have problems isolating any damage and difficulties in restoring their IT environment, he continues.
According to Rosenvinge, it is not far-fetched to believe that a cyber attack can affect, for example, a Swedish municipality in the same way as Baltimore.
"The sensitivity in this case is that it affects social-critical functions, which means that the damage becomes very tangible. It can move from water supply to elderly care and healthcare. "
Sweden worryingly undeveloped
“In Sweden we live in a belief that we are very far ahead when it comes to cyber security, but that is not true. I think we are unhappy long behind if you compare with countries like the US and the UK. Even smaller countries like Israel and Estonia I would say lie ahead of us and have worked systematically on these issues for a long time. "
"That Sweden is lagging behind is serious as we are at the same time one of the world's most digitized countries, but to say that you are a small country is no excuse. It's about deciding to get hold of the question. ”
Hard to ask for ransom
In connection with major cyber attacks, perpetrators often require a ransom in bitcoin to restore the affected systems. That was also the case in Baltimore. However, Rosenvinge does not believe that the development of cryptographic currencies is necessarily the reason why organized cyber attacks have become more common.
“What one has to remember is that it is very difficult for a municipality or a company to pay out bitcoins. A municipal director cannot just acknowledge hundreds of thousands of dollars and buy bitcoins. The auditors would be backing. There are examples where the ransom has come to the fore just because of such issues. ”
“At the same time, the big cost is not the ransom. It is the cost of systems lying down. We recently had a case where Norsk Hydro encountered a similar attack. The final bill in that case was approximately NOK 500 million. ”
Digitization in front of security
According to Rosenvinge, the big challenge for Swedish companies is that they are rushed into digitalization, without thinking about the security of these investments. At the same time, it has been difficult to quantify this type of risk, which has created a great deal of frustration among many business executives and boards.
"I think it has been difficult to put cyber risks in relation to other risks such as currency risks or credit risks, which can also be an explanation for why Swedish companies have not invested enough in cyber security," Rosenvinge argues.
At the same time, he says that insurance linked to cyber risk is a rapidly growing market, but that it is difficult to insure against the entire damage and in some cases difficult to get out the insurance.
"The problem with cyber insurance is that you can only insure the risk of downtime costs, but costs that are related to other more subtle values such as the brand's reputation are not included."
"There is a case where a Spanish company sued its insurance company that refused to pay out money related to damage caused by a global cyber-infringement. The reasoning is that the attack was part of the Russian state's cyber warfare and therefore does not fall under the definition of a cyber attack but is considered force majeure. "
"In other words, it is uncertain what you can actually get out of your insurance on the day you suffer. The best insurance is to invest in good protection against attacks. Swedish organizations still have a long way to go there. ”
Rolf Rosenvinge discusses recurring cyber security issues in the podcast Cybertalks. You will find the podcast here.
Learn how GDS Fund invests in cyber security: Cyber attacks create investment opportunities
