“Although many SMEs believe that they are not interesting to be hacked, criminals think differently. Of all cyber attacks on companies, 64% are SMEs, resulting in, among other things, a business interruption, loss of reputation, economic costs and / or a fine or legal action. Moreover, 60% of the affected companies that did not take out cyber insurance are out of business within six months of a cyber incident . ” Israeli cyber security specialist Avi Bartov, director of the specialized cyber security company GamaSec, said this Thursday in a presentation during the annual relationship day that CNA Hardy organized for 60 relations from the insurance industry. 

According to Bartov, SMEs are, in the eyes of the average hacker, a grateful, ideal and easy target. Not least because international research shows that a majority of all SMEs indicate that insufficient staff (74%) and too little budget / money (55%) are cited as the reason why IT security is not in order to reduce cyber risks adequately. Other frequently cited reasons for this are no idea how to adequately combat cyber attacks (47%), insufficient use of cyber security technology (38%), lack of knowledge and experience in this area in-house (37%) and that cyber security is not a priority has (23%). No fewer than 75% of employees who leave a company leave their computers unsecured.

Increase in cyber attacks and costs

And that, according to Bartov, today, cyber crime is no longer indispensable in society and that it is unlikely that this will change in the short term. “The number of cyber attacks is therefore increasing and in the meantime 67% of the companies have already experienced a cyber attack in the past 12 months and 58% a data breach. That risk is therefore considerably higher than the number of companies that were confronted with a fire in the same period (28% of all SMEs), with a theft case (7%), a flood (5%) or a major transport strike or large-scale road closure around the location (2%). Proactive security measures against cyber crime are therefore more important than a good lock on the front door of a company. "

According to Bartov, the consequences of a hack or other cyber incident can be drastic. "For example in the form of a business interruption, loss of reputation, economic costs and / or a fine or a legal case." With regard to the financial consequences, he made a distinction between the directly visible costs and the costs 'below the surface of the water'. According to him, the first category includes direct costs for solving data breaches, PR and communication costs, fines, lawyer costs and necessary improvements to the company's cyber security. As 'invisible costs', he mentions, among other things, an increase in insurance costs, the higher costs of raising borrowed capital, disruption of the operational course of events, loss of customer relationships, contract value,

Other outcomes

In his presentation, the Israeli cyber security specialist said that in 81% of the cases cyber crime is the basis for a hack, followed by (cyber) espionage (10.3%), cyber war (5.2%) or (political) (h) activism ( 3.4%). Among the affected companies are mainly the smaller SMEs (turnover <$ 25 million): 49% of all companies, followed by companies with a turnover of more than $ 1 billion (22%), followed by companies with a revenue from $ 25 to $ 100 million (15%), with revenue between $ 100 and $ 250 million (6%), between $ 250 and $ 500 million (4%) and between $ 500 million and $ 1 billion (also 4%).

Bartov also observed a shift in cyber incidents from internal to external perpetrators. In 2014, 4,063 (55.2%) were the result of an internal perpetrator; this year at 1,266, that number was only 29.3% of all incidents. The share caused by external hackers and other cyber criminals increased from 44.8% in 2014 (3,291 incidents) to 70.7% (3,059) of the tonal number of incidents.

CNA Hardy and GamaSec collaboration

During the aforementioned market meeting, CNA Hardy presented its collaboration with Israeli security company GamaSec, which has led to an expansion of the insurer's cyber insurance product with a prevention scan. This allows the website of insured companies to be screened for the risk of hacking or other cyber crime. The cyber insurance product of CNA Hardy already had an incident response service following a cyber incident, in which it cooperates with the Amsterdam law firm Dentons Boekel, data recovery company Kroll Ontrack and PR company Cohn & Wolfe.

By RiskenBusiness -September 6, 2019 

https://www.riskenbusiness.nl/nieuws/risks/bijna-twee-van-de-drie-cyberaanvallen-gericht-op-mkb-60-niet-verzekerde-getroffen-bedrijven-is-binnen-half-jaar-out-of-business/