Lorraine Rowland
Senior Claims Underwriter, Hiscox
In 2023, after a period of relative calm, ransomware attacks spiked, with a significant rise in the prevalence of data theft-only extortion. Remain vigilant and protected with cyber insurance.
According to new data from the latest Hiscox Cyber Readiness Report, almost three-quarters (71%) of Irish businesses suffered at least one cyberattack over the last 12 months — a 22-point increase on the previous year (49%).
Cyber insurance benefits businesses of all sizes
Even though they are small in size, SMEs are part of a larger supply chain and, therefore, still vulnerable. They are easier to hack than big corporations, and they’re usually connected to larger supply chains, providing hackers with a way to the top.
For instance, the files of a small business unexpectedly become encrypted, and a ransom demand from a hacker arrives. An employee of a firm could make a bank transfer of €25,000 to fraudsters after falling victim to a phishing email supposedly from a senior manager. An employee may misconfigure a software update over a weekend, leaving systems unavailable and causing business interruption.
Small businesses vulnerable to ransomware attacks
It has become increasingly common for smaller businesses to be targeted with ransomware, which is a type of malicious software that blocks access to a computer system or encrypts files on it. It’s used to demand money from people, and they can only have their files back once they have paid the ransom.
We have seen a rise in this type of attack as threat actors have moved their focus to smaller businesses seeking smaller ransoms. Most big organisations would be able to repel a ransomware attack, but that’s not the case for smaller ones. They find themselves with encrypted files, unable to run their business. They are then left with no option but to pay the ransom.
It has become increasingly common for smaller businesses to be targeted with ransomware.
Hackers leveraging artificial intelligence
As artificial intelligence (AI) becomes increasingly integrated into our daily lives, so do potential threat actors. AI reduces barriers for novice cybercriminals, hackers-for-hire and hacktivists to conduct access and information-gathering operations.
Threat actors, including ransomware groups, are leveraging AI to increase the efficiency and effectiveness of certain cyber operations, such as reconnaissance, phishing and coding. This trend will almost certainly continue to develop.
Phishing, typically aimed at malware delivery or password theft, is key for cybercriminals to gain initial network access for ransomware attacks or other cybercrimes. Utilising AI models to enhance access will likely escalate the global ransomware threat in the near future.
Get proactive and seek expert help
For small businesses, seeking external guidance regularly would be wise to ensure ongoing security. Consideration should be given to contracting a Chief Information Security Officer (CISO). They can assist with tasks like patching, which addresses known vulnerabilities in computer systems often exploited by hackers as a way in.
Crucially, get the culture within your business right. Training your staff to spot an attack is key because relying on technology is often not enough. For example, at a basic level, all staff should be aware of what spam emails and fake web pages look like.
Plus, while anti-virus and firewall programs can detect viruses and system vulnerabilities, you can’t rely on them to protect you against cybercriminals actually tricking you in person, otherwise known as ‘social engineering.’ Hiring a professional to deliver a staff training session will help ensure they are informed and aware.
Why cyber insurance is your ally
Hacking is prevalent globally, serving various purposes, some malicious. Amid the risks, cyber insurance offers invaluable protection to any business. If you’re a small business owner, cybersecurity should be a priority.
Cyber insurance investment safeguards not only your data but your finances and reputation. When our clients experience a cyber incident, we deploy an expert response team to cover all legal, IT and potential PR issues that can accompany a data breach. When you look at the bigger picture — you can see why cyber insurance is critical in an interconnected world.