Digital transformation has gone from being a corporate buzzword in many companies in recent years to becoming a real race for business survival. The cheapness, agility, and connection of processes provided by virtualization are no longer differentials and have become the paradigm: the best VPN, remote access, teleconferences, data storage, and cloud work.
But this radical change has not only brought benefits. Some types of businesses have greatly increased their contact surface with cybercrime and urgently need to guard against threats, especially data hijacking and blocking access to systems via ransomware. Below are some professional sectors that may risk their survival without investing in cyber insurance.
A little context: threat escalation and cybersecurity
According to IBM’s recent report on the cost of data breaches, 2022 saw a historic increase in worldwide losses. Since 2020, the average cost for organizations has risen 12.7%, from 3.86 million to 4.24 million data breaches.
Detail: The year 2022 will see a 300% increase in cybercrimes since the beginning of the COVID-19 pandemic in the US, according to the FBI. Also, according to IBM, stolen or compromised credentials accounted for 19% of leaks; phishing for 16%; bad cloud configuration for 15%.
In this context, insurance companies started to offer virtual insurance policies, or cyber insurance, to cover damages and losses generated by data leaks, network intrusions, and terrorist attacks on companies and third parties that may process or store their data.
Gaining scale with access to new customers and agile communication is the positive side of digitalization for small businesses and entrepreneurs. The flip side is that cyberattacks hit the hardest among all these organizations.
They are often targets for phishing and malware, which can expose your sensitive data. With the popularization of the home office, employees and entrepreneurs of small businesses tend not to separate professional and personal computers, which exacerbates vulnerability. The consequences can range from leaking personal credentials on illegal forums to extortion and virtual blackmail, including blocking access or sensitive data underpayment. One of the biggest difficulties for these businesses is creating a work discipline centered on cybersecurity. Another obstacle is the lower willingness to spend on protection and cyber insurance tools, often due to reduced profit margins.
Essential services are pretty susceptible to data hijacking. Databases of healthcare organizations are a gold mine for cybercriminals due to the sensitivity of the data and the urgency of the services provided.
In 2020, cyberattacks on organizations in this sector more than doubled compared to 2019, with almost a third being data hijackings. One of the biggest crimes of its kind took place in 2017 in the United Kingdom, when 16 hospitals in the National Health System were temporarily rendered useless by ransomware.
Networked data and operations can be exposed to such intrusions, including access to relevant machinery to stabilize patients.
Organizations in this area are often vulnerable because they delay security updates on the system due to the latency this creates in their functioning. In short, taking out cyber insurance no longer seems to be a luxury or extra precaution for hospitals and companies in this segment.
The Higher Education Census by Inep indicated that in-person undergraduate courses received fewer new students than those taught at a distance in 2020.
Like health, education is an essential service, which increases cybercriminals’ interest in profiting from their dysfunctionality – and the use of telecommunication tools and shared virtual groups increases the potential for contagion.
The great diversity of virtual education platforms and professionals from various online fields makes this sector especially vulnerable: Microsoft Security Intelligence points out that about 80% of cyberattacks in August 2022 were carried out in this area.
The most common malware are those that display non-removable advertisements on the screen (adware) and give an attacker unauthorized access to the machine (backdoor).
Banks and finance
If cybercriminals sniff out money, the industry whose raw material is money is one of the most targeted for break-ins.
Although investment in security technologies is massive in the financial sector, several recent consultants reported that solutions such as security operations centers, secure management of digital certificates, and cryptographic security modules are still lacking in some companies in the area.
With the expansion of digital payment methods, banking, and e-commerce, more refined cybersecurity strategies can be definitive in protecting business and customer data.
Of course, opting for virtual insurance does not mean absolute peace of mind for a company. In addition, serious adjustments to an organization’s digital architectures may be required.
At a basic level, it is important to at least install daily security practices into the behavior of employees, from using tools like antivirus and VPN to employees working remotely and using public hotspots to recognize and prevent fraud