Cyber-attacks are not just a problem for large companies. The digital transformation of companies, driven by the pandemic in 2020, has meant that our business networks, from large companies to SMEs and the self-employed, have never been as exposed to cyber-risk as they are today. As entrepreneurs and professionals, we must be aware that, just by having a website, a credit card machine, a connection to a server or simply an email account, we can all be victims of a cyber incident.
The consequences of a cyber-attack can be disastrous for a business. Leaving aside reputational damage, it is important to highlight that the economic damage suffered sometimes jeopardises the continuity of a company. According to the ‘Barómetro de Ciberpreparación de la Microempresa 2021’, published by the specialist insurer Hiscox, among Spanish companies with up to nine employees that suffered cyber incidents in 2020, the average annual cost generated by the attack per company was almost €30,000.
This amount may not seem very high compared to the cost of a cyber-attack for the average business network. However, we only need to contextualise this figure in the budgets we manage and assess the impact it would have on our business.
How do cyber attackers gain access to my systems?
Once we know how a cyber incident can affect us, it is worth knowing how a cyber-attacker can enter a company and cause the damage. First of all, we have a very relevant fact: according to Hiscox, 55% of the cyber-attack claims handled in 2020 were due to accidents or human error. In addition, the company also revealed that seven out of ten of its policyholders’ claims in 2020 were mainly due to just three causes: social engineering (39%), supply chain attack (21%) and compromised corporate email (10%). Rounding out the list of most frequent sources are remote access, accidental sharing of information, loss of physical devices and malicious actions by insiders or ex-employees.
In addition, the insurer also warns of the exponential growth of ransomware (data kidnapping for which a ransom is demanded). Our company, however small and however unbelievable it may seem, can also be the victim of such an attack and we may be forced to pay a ransom to get our data back.
How do I protect my business?
Awareness of the possibility of a cyber-attack, together with the training of employees in cybersecurity, is the first preventive measure for companies, especially SMEs.
Likewise, we consider it essential to transfer the cyber risk to an insurance product or cover. We advise taking out a policy specifically designed to cover this type of risk; there are various solutions on the market that can be adapted to your needs, some of them offering not only financial coverage in the event of a cyber-attack, but a more complete solution that includes employee training programmes, risk assessment or access to preventive technology. Do not hesitate to contact us!