Person with a laptop – UNSPLASH/CC/ CHRISTIN HUME
MADRID, 26 Jul. – –
More of 300,000 small and medium.sized enterprises (SMEs) They have suffered cyber attacks so far in 2021, 70 percent more than in all of 2020 and more than double than before the pandemic, the main vulnerability being related to social engineering (human failures induced by cybercriminals).
The Escudos 2021 report from the Spanish agency Exsel, promoter of ESCUDO CIBER, the first cyber insurance specifically dedicated to SMEs, shows that one in five small and medium.sized Spanish companies has suffered a cyberattack in the last year.
The most common attacks are fraud on the internet, which have already become the second most common crime in Spain, anticipating robberies with force at homes, and account for 90 percent of the attacks they receive in companies.
The report highlights that social engineering, directly or indirectly responsible for 95 percent of cyberattacks, has rebounded both in the volume of attacks in the last year (which has multiplied by 8), and in effectiveness (increased by more than 40%), derived from the special circumstances of confinement and its impact on the extension of telework, together with the taking advantage of the situation by cybercriminals.
The Covid.19 pandemic skyrocketed the number of cyber threats by 2,000 percent (including a 95.17% increase in ramsomware incidents), as the hasty extension and lack of employee training and sufficient measures in teleworking cybersecurity has provided new opportunities that attackers quickly began and will continue to exploit for as long as possible.
As a consequence of the digital pandemic in 2020, exacerbated in 2021 as confirmed by the Exsel report, nine out of ten companies and, particularly, SMEs, have increased your investment in cybersecurity in order to prevent computer attacks.
They have also invested in terms of risk transfer through the cyber insurance underwriting, a market with a turnover of 500 million in Spain (9,500 million in the world) and sustained double.digit growth, which is materialized in our country in 15 products from as many insurers that, in the face of new and more sophisticated risks, have raised their premiums on average by 35 percent in 2020 and 32 percent in 2021.
Incorrect acts in the provision of IT services, Damage to information due to destruction of ‘hardware’ and threats of cyber extortion are the least covered incidents, and the violation of personal data, the only claim covered by Spanish cyber insurance in more than half of the cases (51%).
Of the 29 coverages and services analyzed offered by Spanish cyber insurance companies in the 17 attacks that potentially activate the policy, practically all of them the cyberinsurance industry neglects or underinsures those related to social engineering, according to Exsel.
Wrong acts committed as a result of a cyberattack, both those that lead to a security breach, and those caused when a company is ‘hacked’, such as, for example, fraudulent theft of funds through identity theft or deception of an employee of the insured (‘phishing’, CEO fraud, etc.) have 13 percent average coverage.