EXPERTISE GUARANTEED: Cybercrime and the consequences for your business

Cybercrime has been an increasingly common phenomenon for some time, but has gained momentum in recent years. It is not only government agencies that are victims of this. Many companies, large and small, are increasingly having to deal with cyber incidents in the broadest sense of the word. This has far-reaching consequences for business operations, continuity and the future of the company. When their servers are compromised, companies are sometimes unable to serve their customers for days or weeks, which can also result in additional claims for damages. No sector is spared, and the stress this causes should not be underestimated.

Types of cyber incidents and risks

Every day, cybercriminals try to gain access to valuable, confidential business data. They use a wide variety of tactics to do so. Cybercriminals often target businesses using ransomware. This involves blocking a company's most important systems and data and then demanding a ransom in exchange for releasing the system.

There is no such thing as 100% security. Even if you are surrounded by skilled IT professionals, there is still a risk. You can compare it to a house: even if your house was designed by the best architect and built by the best contractor, it could still burn down.

In other cases, ransomware is used to steal data from an unsuspecting company and threaten to make it public. This is a form of blackmail. Given the obligation that companies have to protect data and the regulations surrounding GDPR, this can have serious consequences.

In addition to ransomware, there are other ways in which cybercriminals can target companies. These include cyber theft, hacking telephone systems, etc. The most obvious is the interception of passwords. This is why it is important to use sufficiently diverse and complex passwords, to change them regularly and to make employees at all levels of the company aware of this.

Furthermore, not all cyber incidents are the result of criminal activity. Consider human error: opening an infected attachment, sending an email to the wrong recipient, etc. Hardware system failures can also have serious consequences for the day-to-day operations of a company.

Cyber incidents are not going to disappear anytime soon. In fact, they are on the rise.

Protection starts with awareness

More than 50 percent of cyber attacks on businesses are directly or indirectly attributable to human error.

After all, cybercriminals only need one wrong click to gain access to valuable company data. According to our experts, companies therefore have a social responsibility to raise awareness among their employees. In addition to good insurance against cyber incidents, they believe that it still starts with continuously raising awareness and sensitising employees to the dangers.

The first step in this entire awareness-raising process is to inform you (step 1). This can be done through articles and blogs containing specific tips. The next step is to share this knowledge within your organisation and ensure that your employees are aware (step 2) of the dangers of cyber incidents and their own role in them. This can be done using test emails that you send within your company yourself or together with a dedicated IT partner. Of course, this awareness must go hand in hand with the security (step 3) of the company's computer system. A good firewall, virus scanner and updates are essential in this regard. It is also important to restrict access to strictly necessary data and to list which licences are available and which devices have access (step 4). The final important step is to take out cyber insurance (step 5), because 100% security does not exist. Such insurance is essential for business continuity after a cyber incident.

Good insurance is the final piece of your cyber plan

The importance of good cyber insurance is beginning to sink in across the business world. According to our experts, a shift has been noticeable since 2021. There is an acceleration in the number of companies becoming aware of the importance of good cyber insurance, as managers within companies and organisations increasingly understand that not having cyber insurance can be considered a management error. This is due to the enormous impact of cyber incidents on organisations.

The average insurance cost is now affordable for most companies and comparable to the cost of comprehensive insurance for the manager's company car. This is minimal compared to the enormous damage your company could suffer. Recent figures show that the average cost of a cyber attack is 441,000 euros. However, according to our experts, the damage to a larger company after a cyber incident can exceed one million euros. Nevertheless, this does not deter cybercriminals from targeting SMEs. In fact, 60 per cent of all cyber attacks are aimed at them.

According to our experts, there is a misconception that cybercriminals have the most to gain from hacking a large or international company. It is therefore just as important for SMEs to protect themselves against potential hackers. The idea that a small or medium-sized company is less interesting to cybercriminals is wrong. A hacker will always try to penetrate the system of a small or medium-sized enterprise first. They do this because they believe that these companies have less robust cyber security. For cybercriminals, success lies mainly in the large number of SMEs with weaker IT security or low employee awareness.

According to our experts, cyber insurance is comparable to comprehensive car insurance. ‘You may be a very good driver, but an accident can also be caused by third parties,’ they say.

As a business, whether large or small, it is therefore best to be insured against such cyber incidents, but determining which insurance you need is not always straightforward. It is therefore best to seek assistance from an insurance broker who specialises in this type of insurance. After all, the consequences of a cyber incident are not covered by most insurance policies that companies have, such as liability insurance, fire insurance, business continuity insurance or all-risk electronics insurance. Separate cyber insurance is therefore necessary.

Suitable insurance varies from company to company, of course. However, there are a number of things that should be included in cyber insurance for both large and small businesses. Comprehensive cyber insurance covers you against four key areas: your own damage and costs, loss of profit, liability and, of course, cybercrime. Legal assistance could be an additional option. Only when all these areas are covered by your insurance can you be sure that you are fully protected.

Once insurance needs to step in, cooperation on many fronts is essential. Experience has taught experts that in-house IT services, external IT partners, legal partners and crisis management must work closely together to achieve the desired result.

Cyber incidents have unfortunately become an irreversible phenomenon that is not going to disappear any time soon. On the contrary, companies and organisations will have to incorporate cyber reality into their business policies. For every business leader, it is no longer a question of “if” such an attack will ever happen, but “when”.