The global ransomware attack that last month wreaked havoc on the UK healthcare system is a sign of things to come and highlights the need for companies to establish strong risk management and adequate cyber insurance, a senior figure at Munich Re says.

In a recent opinion article, board member Torsten Jeworrek says the WannaCry virus, which affected 100 countries, highlights the global economy’s vulnerability.

He says it is “no longer a question of whether a company can be hacked, but of ensuring the obstacles hackers face are as difficult as possible”.

“The frequency of such attacks and loss potentials will continue to grow as companies’ dependence on their IT systems and the degree of networking across the globe continue to increase,” he says.

In the face of inevitable attacks, companies must prepare themselves to stay operational and protect client data and their own reputations.

“Loss prevention with rigorous security concepts against current threats must therefore be the priority.”

However, Mr Jeworrek says achieving this is “anything but simple”.

“In large companies with a very complex IT landscape, necessary security updates can take quite some time to install. Smaller companies often don’t have the requisite specialised IT know-how in house to keep their systems up to date.”

Implementation next year of the European Union’s Network and Information Security Directive and the General Data Protection Regulation are spurring companies into action, as are more stringent requirements for IT-related processes and severe penalties for breaches.

Mr Jeworrek says cyber insurance can help protect companies from financial losses.

The global cyber-insurance market has premium volume of about $US3.5 billion ($4.64 billion), expected to rise to $US8-10 billion ($10.61-$13.26 billion) by 2020.

The US accounts for about 85% due in part to its stricter regulation of IT security and the way cyber claims are handled there.

Regulators, investors and ratings agencies are taking an interest in whether companies have adequate cyber protection.