Allianz’s Risk Barometer 2020 highlights that cyber incidents and climate change are two major challenges that companies will need to address between now and 2030. Anticipating these risks will ensure a competitive advantage and provide added value to companies in the digital age and global warming.
All companies can be confronted with cyber-attacks, whether they are large groups or VSE/SMEs. Site hacking, identity theft, theft of data, and confidential documents are all threats to companies. 73% of attacks are ransomware, 91% of attacks are carried out via email and 49% of them have a considerable impact on a company’s business, according to the Opinion Way survey for CESIN. Faced with new technological threats and the WannaCry and Petya attacks, which will have infected more than 300,000 computers in 150 different countries in 2017, companies are opting for cyber assurance to protect themselves and be able to counter these threats.
The cybersecurity market is expected to grow to $232 billion in 2022, compared to $138 billion in 2017, according to Markets and Markets (a global market research and consulting firm, editor’s note). These are threats that are constantly emerging. The Identity Theft Resource Center (a U.S. association that provides assistance to victims and consumer education on issues such as cybersecurity and scams, editor’s note) has identified more than 1,091 data breaches in 2016 and 1,579 in 2017. If cyber insurance is a growth opportunity for insurers, it also offers a guarantee to the victim companies that they can continue their business.
Cyber-attacks, disastrous consequences for companies
The “Opinion Way poll for CESIN” listed the most common computer attacks against companies. In 73% of the cases, “ransomware” is used. Most of the time, it infiltrates through a file downloaded or received by email. The software encrypts and blocks the files contained on the victim’s computer and asks for a ransom in exchange for a key to release them. General virus attacks come in second place with 38% of the cases: these are simply viruses, also known as malware, which spread between computers, often via e-mail, file sharing, and websites. And in 30% of situations, external fraud is practiced: individuals hack into a company or individual’s mailbox to retrieve their personal information and usurp their identity. The consequences can be serious and varied for companies.
Firstly, at the financial level, with fines and damages to be paid as well as investments to be made to restore and strengthen IT security. In the U.S., the average cost to businesses of stealing personal data is $7.4 million, according to the Ponemon Institute’s “Cost of Data Breach” survey. For French companies, this represents more than $3.5 million. The French building construction company Saint-Gobain lost 220 million euros in sales due to a cyber-attack on NotPetya ransomware in June 2017. The image of the victim firms may also deteriorate with a loss of confidence on the part of customers, investors, and business partners. Computer attacks disrupt the functioning of the company, leading to a paralysis of its activity, or even bankruptcy. The Clermont Pièces SME, based in Clermont-Ferrand and specializing in household appliances, has been placed in receivership following the hacking of all its customer and supplier files and its inability to pay a ransom of 3,800 euros.
Insurance that provides financial support and personalized assistance
The purpose of cyber insurance is to protect companies from a computer attack by providing support but also compensation. Unlike traditional insurance, it guarantees the financial consequences due to an act of malevolence, fraud, human error, or even a virus. In addition, insurers can pay the costs of notification following the attack, theft, or extraction of personal and/or confidential data, as well as crisis management costs for communication and preservation of the company’s reputation. Cyber insurance promotes prevention to reduce damage but also to train for other possible attacks: employees are made aware and security audits are carried out. Insurers also support companies with several services to manage an attack. IT experts can intervene to contain the dangers and restore data. Communication professionals can set up monitoring tools for e-reputation. In terms of price, the annual cost of a cyber-reputation varies from a few thousand euros to more than 100,000 euros, depending on the turnover, the sector of activity, and the size of the company.
Cyber insurance can therefore be a key solution to defend against cyber-attacks. But to protect yourself upstream and reduce risks, Alain Guède, director of information systems at Saretec (an insurance expertise company that helps insurers, businesses, and individuals manage their risks, editor’s note) suggests three ways to reduce the danger. First of all, a patch management program (software that remotely deploys updates to servers, computers, and applications, editor’s note) needs to be put in place within the company so that faults can be repaired more quickly. Next, the company must set up identical computer systems (all the hardware and software resources that make up a computer system, such as workstations, CPUs, and the Cloud, editor’s note) to avoid slowing down the distribution of patches. Finally, a “sandbox” policy must be established, a computer device that creates a controlled environment inside a host computer where a program can run without having any influence on the machine. For example, this program can check e-mails for users to get rid of potential viruses.
Our experienced team can help to improve your cybersecurity and digital transformation process. Contact us today.