Simultaneous attacks on multiple organizations are likely in 2017, according to an AIG report.
"Is cyber risk systemic?"
That's the question that was posed to experts in a new American International Group (AIG) report, and if recent events are any indication, the answer is yes.
The United Kingdom's National Health Service was crippled this month when a global ransomware attack—dubbed "WannaCry"—forced appointments and operations to be cancelled, hospitals to disconnect from email, IT systems to be shut off, and some facilities to turn patients away.
The cyberattack didn't target NHS directly, but still wreaked havoc, exploiting a vulnerability in Microsoft Windows. As result of this vulnerability, hundreds of thousands of computers in countries around the world were infected.
That's the kind of cyberattack AIG predicted in its report, which says that cyber risk is systemic and that simultaneous attacks on multiple organizations are likely in 2017.
The survey, which polled cybersecurity, technology, and insurance professionals in the United States, the United Kingdom, and Continental Europe, found that more than half of survey respondents said a simultaneous attack on five to 10 companies is highly likely in the next year.
More than one-third estimated the likelihood of a simultaneous attack on as many as 50 companies at greater than 50%. Some even predicted that as many as 100 companies could be attacked.
Judging by the WannaCry attack, experts on the high end of the predictions got it right.
Alexandra Wilson Pecci is an editor for HealthLeaders.