A new study by the insurance company Hiscox (Cyber Readiness Report 2021) reveals something astonishing.
One-in-six firms attacked in the past year said they almost went under.
Smaller firms (SMEs) were among those that suffered the greatest losses from cyberattacks relative to their company size. For SMEs with fewer than ten employees, the average cost of all attacks this year was just over EUR 8,000 per employee. But from the 95th percentile and above, there were firms that had damages of 308,000 EUR. Some had even worse results. One German business services firm experienced costs equivalent to 474,000 EUR per employee according to the study.
German firms stand out for the severity of the attacks. They accounted for more than one-third of the total financial impact (EUR 47.9 million).
German firms also top the table for the average cost of all cyber attacks (EUR 23,700) and the largest single attack (EUR 5.1 million).
Ransomware is playing an increasingly important role in this. Ransomware is malware that locks an infected computer. To regain access to the data, the victim of the attack must pay a ransom to the sender of the Ransomware.
The attackers’ approach to ransomware has changed. In the past, this was usually done automatically. An employee clicks on an email attachment, then the accessible system is directly encrypted, and a small ransom demand is made. Meanwhile, the attacker spends a lot of days in the system unnoticed, trying to gain maximum privileges before attacking with the encryption in a very targeted and very painful way.
The study says that 58% of affected companies paid this ransom. The median ransom payment was EUR 11,900 and the largest single payment was EUR 94,900, paid by a German company.
Deception technology can remedy this situation and significantly reduce the amount of damage. Especially for SMEs that do not have the resources in the company to operate such technology themselves, but still need rapid detection of attacks. Like a silent alarm, the Deception solution monitors and immediately reports when a hacker is in the system. In addition, the attacker is immediately redirected and cannot cause any further damage.
Deception technology for SMEs is now available in Europe for the first time.
About the author