Cyberattacks spare no one.
Whether medium-sized, small or large, companies are continually exposed and subjected to a constantly determined cyber malice. Hackers adapt and are always as motivated when they know they can extract money in any way and the losses are huge on the corporate side.
This article will also interest you: A lot of ransomware attacks take place on weekends and nights
Indeed, we should expect a definite evolution of cybercrime. It is always unpredictable but likely. The year 2019 was a palpable example, because all economic sectors were directly or indirectly affected. Whether in health, finance, aeronautics and industry, computer attacks have proved that the danger is still relevant and that no one is prepared enough to avoid it indefinitely. The main consequence of these acts of cyber malice is financial. Its various structures spend millions on the rehabilitation of their systems when they are affected and the deployment of security tools when they experience incidents. Millions that could have been used for other more professional uses.
Unfortunately, the concept of cyber insurance is not yet popularized enough. The majority of companies do not insure. "The cyber insurance market is emerging because companies are not aware of the systemic importance of cyber risk," says Pierre Bessé, president of a consulting and brokerage group. Large companies, which suffered from some incidents a few years ago due to waves of widespread computer contamination often worldwide (WannaCry and NotPetya), have mostly adopted cyber insurance. Maybe out of experience. The opposite is true for mid-sized and small and medium-sized enterprises. And that is justified by the numbers. This is when for 100 of the companies in the SBF 120 and 90% of the companies in the CAC 40 are insured in the face of cyber risk.
While according to a study published in November 2019, nearly 61% of companies have insured against cybercrime, French insurance companies have mentioned the fact that the volume of premiums so far collected is still low. Not to mention that the registration rate of mid-sized companies remains below 10%. The head of cyber activity at broker Marsh, Jean Bayon de la Tour, also pointed out that less than 5% of small and medium-sized enterprises have cyber insurance. This is quite surprising insofar as these companies are beautiful and well aware of the risks posed by cyber malice. Amanda Maréchal, QBE's cyber subscriber, says that if companies don't insure themselves despite the risks, it's a financial problem first. « … it has a cost. It is a budget, and they lack visibility on guarantees. She explains.
However, in the event of non-insurance that could cover the costs of a cyber attack, it has been shown that 60% of small and medium-sized enterprises are at risk of filing for bankruptcy within 6 months of a major computer attack. "The first piece of advice I would have to give is to make sure. It has helped us a lot," said Dominique Cerutti, CEO of engineering consulting firm Altran, which was the target of a cyber-ransomware attack in 2019. Moreover, insuring does not mean being negligent in terms of internal security. Good digital hygiene practices have made sense to remain even though the company is insured. Sophie Parisot, head of AIG's cyber underwriting team, said: "Insurance should not replace good IT security, it is important to take into account the transfer of risk. ». Because in the event of an incident, insurance companies deploy cybersecurity teams to assist the company. The objective is to assess and determine the scope of the incident as well as the fault attributable to the company to the extent that it exists. Before any action, the insurer will first seek to find the answers to these questions: "In the event of an attack, what steps should be taken to be effective and return to an acceptable state of operation? Philippe Cotelle, chairman of the Amrae Cyber Commission (the Association for Risk Management and Insurance) and the risk director of Airbus Defence and Space.
Now access an unlimited number of passwords: