*By Carlos Sacco
Cyber attacks are growing every day and Brazil is one of the main targets for hackers: according to the real-time monitoring of the Kaspersky , the country is the 3rd most attacked by cyber crimes in the most different ways. A recent study published by Fortinet, a network security company, recorded more than 9.7 billion attempted cyber attacks in Latin America, with 1.6 billion attacks in Brazil alone. The number coincides with the exponential increase in professionals who have adopted the home office in recent months.
Denial of service attacks, data leakage and cyber extortion are some of the threats present in the world today. Many think that the target of these attacks are large corporations, but most target small and medium-sized companies, which are more vulnerable. We can classify the risk/threat landscape into two topics:
- Internal: Dishonest Employee(s), ie data and information theft, or Negligent Employee(s), victims of email phishing; loss of hardware (mobile phone and/or notebook);
- External: Hackers, suppliers, subcontractors and social networks.
According to the team at Cybersecurity Ventures, cybercrime is estimated to cause more than US$6 trillion in financial losses worldwide in 2021, up from US$3 trillion in 2015. This represents the largest transfer of economic wealth in history, jeopardizing innovation incentives. Among the most common crimes are fraudulent phishing schemes, identity theft and ransomware, the latter of which could generate losses of US$ 20 billion by 2021, 57 times more than in 2015.
And how to protect yourself and/or mitigate the risks of these threats? With a Cyber Insurance policy, which is an additional protection for companies. The policy aims to cover financial losses resulting from malicious cyberattacks, or even from incidents resulting from errors or negligence caused internally, which result in data leakage and other damages related to the confidentiality of information. It is important to point out that companies with a secure cyber environment are easier to hire, which will act as the last line of defense for the company's financial protection.
What is Cyber Insurance coverage? Cyber Risk Insurance offers a wide range of coverage in cases of data leakage from companies, impact on third parties and includes payment of fines for situations where penalties are applicable, such as LGPD clauses. Some coverages offered by a cyber insurance policy: Liability for Personal and Corporate Data, Liability for Data Security Act, error or omission, Liability for Third Party Companies, Defense Costs and others in addition to these.
It is worth remembering that, in the legal sphere, we have some laws and regulations on the subject:
- GDPR – The General Data Protection Regulation is a regulation of EU law on data protection and privacy for all citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside EU and EEA areas;
- LGPD – The General Data Protection Law is transforming the way companies operate. Consent will be one of the biggest challenges of the law for companies and will cause a lot of problems for organizations that share data, as well as cloud service providers, who host information in databases on behalf of other companies;
- Resolution 4,658/18 CMN – Cyber Security Policy on the requirements for contracting services and data processing and storage and cloud computing – Stricter requirements imposed by Bacen.
I strongly believe that the financial protection, transfer and mitigation of risks provided by cyber insurance policies contribute significantly to the sustainable and perennial growth of the sector, adding high value to its brand, its products and customers”.
* Carlos Sacco, Relationship and Services Director at ABES