#NEWS

13/12/2017

Cyber risks – a continuous threat

More than a quarter of all French SMEs and ETIs fell victim to cybercrime last year, but hardly 5% of them are insured against risks of this kind that have become major. The threat continues to grow, and cyberattacks are becoming increasingly complex and diverse. How to reduce your exposure and protect your company?

 

The legal and regulatory environment is changing and is preparing to impose significant obligations on companies that process personal or business data. The financial consequences of a criminal or accidental failure have become the number 1 concern of large companies. Even so, practices are still far from exemplary, and numerous flaws remain.

 

Why this constant acceleration?

 

In one year, attacks increased by more than 50%, and their estimated cost to the global economy is between 375 and 575 billion dollars.

 

Four aggravating factors partly explain the rush to this new gold mine:

 

– The exponential growth of data stored by companies makes their securing increasingly complex,

– The lack of control of outsourcing solutions (Cloud Computing) by SMEs increases their vulnerability,

– Novice criminals able buy SAS solutions on the darkweb to lock up systems and extort money from their victims,

– Exposure to the Internet and social networks sets the scene for this murder mystery where data are at stake. The collected customer information constantly gains value.

 

What responsibilities?

 

Corporate management teams are currently facing the paradox of transformation: whereas at the end of 2016, more than one-third of mid-sized companies had launched a digitisation plan, just over 20% of them indicate that they are concerned about cybersecurity.

 

Protection solutions are increasingly complex and interdependent, sometimes making the topic incomprehensible for business leaders. Beyond the operational impact, many of them have been held liable as well as their company. In some cases, this type of risk has forced them into bankruptcy.

 

The question of “When and how much will a cyberattack cost us?” is a topical subject that management committees must face and address.

 

Why is cyber also an image issue?

 

“It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” This quote from Warren Buffet sums up the situation rather well, and the last two ransomware attacks have shown:

 

– The immediacy and the speed of the dissemination of information by hackers who are also communication experts,

 

– The amplifying effect, the impossibility of containing information, the absence of borders, and the speed at which hacking information goes viral,

 

– The “unreality” of the damage: difficult to take stock of the situation to present facts.

 

How should cybersecurity be addressed?

 

In a perfect world, companies would have unlimited resources to establish security measures while pursuing their growth and innovation plans.

 

Far from this utopia, the elimination of risks seems more and more unimaginable. It is realism that prevails and the concept of cyber-resilience that targets the combined funding of the reasonable level of protection and compensation for cyber-harm. But priorities must still be identified…

 

What insurance solutions?

 

According to PwC, fewer than 5% of French companies have cyber-insurance. This involves supplementing traditional cover with a dedicated solution capable of guaranteeing compensation for damage suffered and caused following a loss of availability of information systems, their integrity, or the confidentiality of data. Two areas must be covered:

 

– Damage and losses for incidents and their consequences on its activity,

 

– Liability to compensate for damage by its customers and suppliers.

 

Experience has shown that compensation alone is not enough; the ability to act very quickly is also required. This also means that business leaders can have access to different support services and a range of crisis management experts (IT, legal, and loss of image).

 

It is through the consistency of actions between management teams and IT departments, employee awareness and training, and implementation of a cyber-resilience strategy that business leaders will be able to protect their systems and data and optimise the protection of their company.

 

The integration of cyber issues into the management of business risks is central.

 

Our experts answer your questions at cybersolution@verlingue.fr