The main cyber risks for companies
Ransomware
A ransomware attack (rançongiciel in French) consists of encrypting the data of a company or organization and demanding payment of a ransom to make it accessible again. It is one of the most widespread cyber risks because this type of attack is particularly profitable for attackers.
For a company, the average cost of a ransomware attack is reportedly $133,000. Very often, the affected organizations are unfortunately forced to pay the ransom, because they lack the means, the time and the knowledge needed to recover their data any other way.
Phishing
Phishing is another very common cyber risk. This scam consists of soliciting a user's personal information by posing as an official organization or a trusted contact.
Companies, and therefore insurance companies, are particularly exposed to this kind of attack. For example, attackers are able to extract information from employees by pretending to be the company's executives. A simple e-mail containing a link to a fake site that resembles the company's own may be enough to fool even the most vigilant employees.
Malware
Malware is malicious software that can infiltrate a personal computer as well as an employee's workstation. It can be transmitted through an e-mail attachment, a downloaded file or even a public Wi-Fi connection, which is generally not very secure. Once installed on the computer, the malware operates without the user's knowledge and can cause real damage: deletion of files, modification of settings, spying on activity, blocking the execution of certain programs…
Data theft
Data theft consists of an attacker seizing the information held by a company or organization, whether by manipulation, trickery or other dishonest practices. The leak of a company's employee data opens the way to many other threats, such as the spread of ransomware or malware.
Cyberespionage
Cyberespionage is defined as the use of computer networks to illegally obtain access to confidential information held by a company, a government or another organization. It is a growing threat, affecting the critical and strategic infrastructure of many organizations in all sectors of activity: from industry to railway companies, including ministries, telecom operators, hospitals, energy suppliers and bancassurance.
What are the consequences of a cyber attack?
Whatever the type of threat, a cyber attack can have serious consequences for an insurance company.
A substantial financial impact
A cyber attack can cause significant losses for the company, whose activity is likely to be temporarily paralyzed. This often results in a drop in turnover, as well as significant cash-flow gaps.
Added to this are the costs of managing the attack and recovering data. A ransomware or phishing attack can generate many additional hours of work for employees, especially within the Information Systems Department (DSI).
Calling in an external service provider specializing in cybersecurity may also be necessary to identify the attack and determine which part of the network has been affected and what data has been compromised. Data recovery and system restoration are also significant expense items.
In addition, a cybersecurity incident can have a direct impact on the valuation of the company. This is shown by a study carried out by Bessé and PwC France, covering 28 companies that had suffered a cyber attack.
One year after the incident, two thirds of them saw their asset value decrease by 10%. The drop even reaches 20% for the least prepared and least responsive companies. Finally, the attacked companies saw an overall decrease of 19.5% in their share price.
Serious operational consequences
Operationally, a cyber attack often brings business activity to a halt. The length of the stoppage varies with the time required to solve the problem. In any case, it causes a significant loss of turnover.
This interruption of activity also has indirect impacts that are harmful for the company or for its customers: deliveries, for example, are likely to be considerably delayed.
A degraded reputation
For an insurance company, a cyber attack is also a real blow to its image. If your customers' personal data has been compromised, they will not hesitate to make it known, permanently tarnishing your reputation. The theft of confidential information will be associated with a certain lack of rigor and seriousness.
Ransomware, malware, phishing, cyberespionage… Web threats keep multiplying, and it is becoming urgent to protect yourself against these risks. And for good reason: poorly prepared companies are exposed to considerable financial losses, to business interruptions, and to damage to their brand image.