Two out of three companies

Cyber ​​attacks take their toll.

Thomas Osborne
Thomas Osborne
26 May 2022 Thursday 16:09
11 Reads
Two out of three companies

Cyber ​​attacks take their toll. And what an invoice! If in 2020 Spanish companies suffered damages that had an average cost of almost 55,000 euros, in 2021 this figure has doubled to more than 105,000, according to calculations by the specialized insurance group Hiscox that were published yesterday.

In Spain, computer attacks are especially virulent and damaging, because the cost even exceeds the world average, which is around 78,000 euros for each company.

More than half of the companies admit that they have been the victim of a cyber attack in the last year. Regarding which is the gateway or the weak link in the protection walls, it continues to be the fraudulent corporate e-mail (41% of the cases). This is the case of the email that the worker opens, deceived about its real origin and that ends up infecting the system. Behind are attacks on servers (38%) and employee mobiles (29%).

What are the damages suffered by companies? There is a direct economic impact, as in the case of financial fraud (improper payments are made) and ransom demands. On this last point, the study offers a striking fact: two out of three Spanish companies admit that they agreed to pay.

But the losses are not represented only by the economic cost, because it is the company's own business that ends up suffering in the event of a cyberattack: from a temporary interruption of the business, to the loss of reputation, to the loss of customers.

To deal with this plague, the report ensures that Spanish companies have increased their information technology budget from 13 million to almost 18 million, with cybersecurity already representing a fifth of that sum.

The National Cybersecurity Institute (Incibe) managed 109,126 cybersecurity incidents during 2021. Of this figure, 90,168 correspond to citizens and companies; 680, to strategic operators, and 18,278, to the Spanish Network for the Interconnection of Computer Resources of Universities and Research Centers RedIRIS, according to the 2021 Cybersecurity Balance. The forecast is that these figures will continue to rise.

Gareth Wharton, CEO of Cybersecurity at Hiscox, points to several factors behind this worsening. First, when the pandemic hit, many companies adopted remote work solutions without prior technological experience. Second, the growing spread of cryptocurrencies has meant that 100% of ransom payments are made through this asset, which encourages cybercrime. "The briefcase is gone, and cryptocurrencies allow anonymity," he says.

When it comes to criminal profiles, Wharton identifies several categories. The activists, who attack companies as a form of rebellion and protest to send a certain message; those who have no specific motivations, but infect companies simply to show that they can do it, and those who operate motivated by the possibility of making money.

Attacks launched in an organized manner as if it were a (cyber) war, by states or institutions, are also growing. Francisco Valencia, CEO of the firm Secure

"The problem is not if you will be the target of a computer attack, but when," warns Wharton. “It's like a house. You can protect yourself. But a good window is not enough, you also have to have a reinforced door, an alarm... In the end, you have to make the workers aware. Because it is a human problem, not one of available technology”. His last recommendation: “We tend to find a good password and then use the same one for everything. It is not a good practice”, he concludes.