NEWS & INSIGHTS

Our world is increasingly dependent on technology, so when a cyberattack strikes, it’s not just a computer problem. A cyberattack can disrupt operations, damage reputations and result in regulatory fines. The problem is getting worse, too.

COVID-19’s Impact on Cybercrime

According to Europol’s Internet Organized Crime Threat Assessment 2020, COVID-19 has contributed to an increase in cybercrime as cybercriminals take advantage of the remote work situation. Some key points from the report include the following:

• Ransomware attacks now often include the threat to publish sensitive data. At the same time, many of these attacks are targeting supply chains and third-party service providers.
• Cybercriminals are using social engineering and phishing to facilitate other cybercrimes.
• Business email compromise (BEC) attacks are increasing. In these schemes, cybercriminals often impersonate a CEO to request a bank transfer or a supplier to redirect payments.

Data Breaches and the GDPR

Many cyberattacks involve data breaches, and with the development of ransomware attacks that include a threat to release sensitive data, this threat is growing.

Organizations that maintain personal data must comply with regulations that cover data security. In Europe, the most notable of such regulations is the General Data Protection Regulation (GDPR).

Under the GDPR, organizations are required to take appropriate technical and organizational measures, such as encryption, to keep personal data secure. If a data breach does occur, proper notification is required.

Organizations that fail to comply with the GDPR may face large fines as a result.

• An online voter consultation platform in Italy was fined €50,000 for failing to take the steps necessary to protect data from attackers.
• In the first 20 month after the GDPR went into effect, hundreds of companies were fined a total of more than €114 million.
• Despite the risk of fines, a survey found that many business leaders still appear confused about basic data security concepts.

Take Steps to Protect Your Company

Cybercriminals are constantly changing their attacks to make them more effective, so organizations need to be equally dedicated to improving their defense.

• Conduct a cybersecurity risk assessment to determine your organization’s risks and how they can be minimized.
• Develop secure policies and procedures for telework arrangements. All work should be performed on secure equipment and networks, whether it’s done in the office or in an employee’s home. Basic security measures include the use of up-to-date operating systems, encryption and anti-virus software.
• Everyone should be involved in cybersecurity. Provide all workers with cybersecurity reminders and checklists. For example, all workers should know how to avoid malware by being careful about which programs they download, which websites they visit and which links they click. They should also know how to keep accounts protected with strong passwords and two-factor authentication, and how to watch out for emails and text messages that come from fraudsters posing as legitimate contacts.

Finally, it’s important to be sure that you are properly insured for cyber liability risks. Costero specialise in both Commercial and Personal Cyber but we must be accessed via a local licensed insurance broker Details on how to reach a representative from Costero can be found at www.costerobrokers.com/our-services/#cyber-product.