It is by no means only large companies that have to defend themselves against cyber attacks - small and medium-sized companies are also increasingly becoming victims of attacks on their data. //next spoke to two experts from ERGO about why cyber insurance is becoming more and more sensible. Fatma Dindar is an underwriter for cyber risks in Munich, Janine Holz is a cyber insurance consultant in Düsseldorf.
Which methods are particularly "in" at the moment when it comes to cyber attacks?
In our experience, the most common type of attack at the moment is double blackmail. In this case, the attackers grab the company's data and demand a ransom to release it. In the second step, the data is completely encrypted and a ransom is also demanded.
Why are small and medium-sized companies also interesting enough for such attacks?
"Not if, but how": Nowadays, every company is exposed to the threat of cyber attacks. The decisive factor is not what kind of data it is, but that this data is important for the company. Because then companies are vulnerable to blackmail.
Basically, one can say that the need for cyber insurance increases the greater the dependence on functioning IT and the more personal and confidential data is processed.
Let's talk about numbers: How big is the risk for small and medium-sized enterprises to become victims of a cyber attack?
The probability of becoming a victim of a cyber attack is 1 in 4. Again, it can be said that it is only a matter of time before a company is affected.
How can the potential damage be quantified?
The damages are usually not that cost-intensive at the beginning - the average damage is currently in the five-digit range. However, our experience is that the number of losses is increasing and that they are becoming much more complex and expensive. We definitely expect more cyber damage in the future.
And what can entrepreneurs do to protect themselves?
There is no such thing as 100 percent protection. However, patches, updates, etc. should always be up to date. Equally important is employee awareness - an area that is unfortunately neglected in many cases. To strengthen it, we have been cooperating with the prevention service provider Perseus since February this year. The services of Perseus can be optionally booked by our clients. The contract is then concluded with the service provider. The focus of Perseus is on raising staff awareness. Perseus provides nine video units with a subsequent test and a certificate. This is an optional component of our ERGO cyber insurance policies.
Thank you very much for this interview!
Interview: Ursula Lindenberg
With the "CyberSafe" initiative, the German Insurance Association (GDV) wants to raise awareness of the dangers from cyberspace.