Cybersecurity not only employs IT service providers and companies, but also increasingly the insurance industry. While security providers focus on the technical side, insurance companies mainly offer financial risk transfer.
Evaluation of damage cases with SMB
Cyber insurance provider Coalition published extensive findings from the incidents of its customers in the first half of 2020. The data is mainly based on small and medium-sized companies from the USA and Canada. It shows interesting insights and trends – for example, that companies of all industries and sizes are affected. Attacks appear to be widespread and incidents can be expected anywhere and at any time.
COVID-19 as a booster and „door opener“
Good news first: The home office wave has only led to a limited increase in attacks. The bad news: The attacks were much more successful – due to the new circumstances.
The study also reveals significant differences between the platforms used. For example, companies using Microsoft Office reported security incidents three times more frequently than Gmail users. In terms of malware classes, ransomware continued to lead the way with more than 40%.
Many events of damage avoidable
A key finding concerns the status and maturity of security measures in companies. The full scope of cybersecurity still seems to have not yet been sufficiently addressed by those responsible in small and medium-sized companies. Often the simplest and most fundamental precautions are not implemented or only in fragments. Many malfunctions and losses could have been avoided very easily. These two simple best-practice methods help effectively and can be implemented at low cost:
- Regular, up-to-date and unalterable offline backups to protect the most important systems and data from ransomware attacks
- Multi-factor authentication to significantly reduce the loss and misuse of user identities
Insurance can – to a limited extent – compensate for financial losses, but the full extent of successful cyber attacks is never completely reversible. Damaged reputations and lost contracts often have a delayed impact on business.
For secure operations, companies therefore need to be aware of the real risks of cyber attacks on the one hand, and on the other hand they need to comply with basic precautions at the technical level.