Cyber attacks take their toll, and the bill is increasingly expensive for Spanish companies. In 2020 companies suffered damages with an average cost of almost 55,000 euros; in 2021 this figure doubled to more than 105,000, according to calculations by the specialized insurance group Hiscox, which each year provides studies on the sector.
In Spain, computer attacks are especially virulent and damaging, because the cost even exceeds the world average, which is around 78,000 euros for each company. In fact, more than half of the companies admit that they have been the victim of a cyber attack in the last year.
The main gateway, the weak link in the protection walls, continues to be fraudulent corporate email (41% of cases). This is the classic case of an email that the worker opens after being deceived about its origin and that ends up infecting the system. Next come attacks on servers (38%) and employee mobiles (29%).
What are the damages? They range from the suspension of service to financial fraud and ransom requests. On this point, the study offers a striking fact: two out of three Spanish companies agreed to pay. And it is not only a matter of the price paid, because it is the very business of the company that ends up suffering in the event of a cyberattack: from temporary business interruption to the loss of reputation to the loss of customers.
To deal with this plague, the report states that Spanish companies have increased their Information Technology budget from 13 million to almost 18 million, with cybersecurity already representing a fifth of all this money.
Gareth Wharton, CEO of Hiscox and expert in cybersecurity of the group, explains that the worsening of the situation is due to several factors. First, when the pandemic hit, many companies adopted remote work solutions without prior technological experience.
Second, the growing spread of cryptocurrencies has meant that almost 100% of ransom payments are made through this asset. "The briefcase is gone and cryptocurrencies allow anonymity," he says.
When it comes to criminal profiles, Wharton identifies several categories: activists, who attack companies as a form of rebellion and protest to send a certain message; those who have no specific motivation but infect companies simply to show that they can; and those who are motivated by the possibility of making money.
"State" attacks are also growing, that is, those launched in an organized manner as if it were a (cyber) war. In this sense, in the current context of the conflict with Ukraine, several threats from Russia have been detected.
"The problem is not if you will be the target of a computer attack, but when," warns Wharton. "It's like a house. You can protect yourself. But it's not enough to have a good window, you also have to have a reinforced door, an alarm... In the end, you have to make the workers aware. Because it's a people problem, not one of available technology."
His last recommendation: "We tend to find a good password and use the same one for everything. It is not a good practice," he concludes.