Feature
Cyber threats, insurance and the legal response
Andrew Horne and Hannah Jaques, Minter Ellison Rudd Watts
C
yber-attacks on businesses and other organisations are both increasingly common and increasingly damaging. It is no longer a surprise to read a news or business website and learn of a cyber-attack that has caused significant disruption and loss. In May of this year, the public health system in Waikato was thrown into disarray by a largescale cyber-attack upon the Waikato District Health Board which left it unable to manage and carry out routine medical procedures. The DHB was compelled to cancel many patient procedures and had to resort to manual record-keeping and workarounds. A number of patients were transferred to Tauranga or Wellington along with their Waikato clinicians. By midJune, while some services and systems had been restored, many had not and the DHB reported that there was still a long way to go. This incident illustrates the risks
4
September 2021
that New Zealand organisations face from cyber criminals and the disruption and damage their actions may cause. The very nature of cyber-attacks mean that national borders are meaningless; New Zealand organisations are as likely to be targeted as those in larger countries. In June this year, we hosted a Cyber Risk breakfast jointly with global brokerage firm Aon, with the title: “The changing risk landscape: corporate resilience for the rise of technology”. Four speakers provided different perspectives on cyber risk and the place of cyber insurance: • Datacom provided a perspective from an IT security provider. • AIG provided a perspective from a cyber insurer. • Aon provided a customer’s risk perspective. • MinterEllisonRuddWatts discussed the legal risks raised by cyber events and how to respond.
In this article we summarise these perspectives. Cyber-attacks – a technical perspective
Cyber crime is low-risk profiteering because of offenders’ ability to maintain anonymity. It is thought to have surpassed all other types of crime combined. Cyber criminals usually take or lock up commercial or customer information and issue ransoms with the threat of deleting the information or releasing it to media and other global platforms if not paid. Some key points: •
New Zealand is a soft target for cyber criminals because we think too locally. Although we tend to view ourselves as tucked away at the bottom of the world with clear borders, which has benefited us in our response to a real-world virus in COVID-19, cyber criminals exist in a borderless universe and New
