- Cyber risk has ranked third on the list of the most significant threats to businesses in Poland, up from 18th place just 2 years ago, according to Aon’s “Global Risk Management Survey 2023”.
- Currently, just under 43% of companies in the country have implemented a cyber risk management policy, compared to nearly 89% globally.
- Insurance experts expect increased interest in cyber risk policies in 2024, which cover potential costs of administrative penalties or ransom for hackers, and also provide access to services of legal firms, forensic IT specialists or PR agencies.
The cost of a single data breach in a company increased in 2022 – 2023 to a historic high of nearly 4.5 million dollars. In companies that do not use artificial intelligence and automation as part of their security measures, it was about 5.4 million dollars (Aon, “2023 Cyber Resilience Report”).
Aon’s “Global Risk Management Survey 2023” shows that the increasing scale and costs of cyber attacks on companies’ IT infrastructure and data security breaches have led to cyber threats being ranked as the most significant risks for businesses globally and in Europe. The ranking of cyber attacks has also increased in Poland, where they jumped to the third position from 18th just two years earlier. “I expect their importance to continue to grow over the next 12 months, forcing businesses to implement appropriate safeguards, including against their effects,” says Paweł Krak, Practice Director, Financial & Professional Lines, Aon Poland.
Here are 3 keys focus areas for cyber risk as businesses enter 2024.
More Industries Are Afraid of Cyber Attacks
The increasing importance of cyber attacks in the risk management industry in 2024 also reflects the sectoral diversity of companies that have identified them as the most significant in terms of their operations. Among those fearful of cyber attacks are the pharmaceutical industry, trade, hospitality, financial services, media and new technology. This also applies to the public sector, sports and entertainment, business consulting, insurance, and healthcare services. In these industries, cyber risk ranked first. Food and beverage manufacturers, the agri-food industry, and transport and logistics placed this threat in second place. Meanwhile, construction, manufacturing and industry, and the natural resources sector ranked it third. Almost every sector of the economy can be attacked by hackers and most are beginning to realize this.
Poland is One of The Most Frequently Cyber Attacked Countries
According to Fintech Global, there was a rise in reported cyber attacks by 58% of British organisations, 49% in the DACH region (Germany, Austria, Switzerland) and 47% in Scandinavian countries in 2022. CERT Poland registered a 34% increase in reports in 2022 compared to 2021. The proximity to a country at war and clear support for Ukraine have resulted in 59% of Polish small and medium-sized enterprises becoming targets of cyber attacks.
“The available data analysis indicates that the most common attacks in Poland are DDos events, which block access to a website, email or online store. Phishing and ransomware are also common – recently loudly discussed in the context of RA World’s attack on the ALAB lab network. The year 2024 will likely be marked with the implementation of safeguards against such cybercrimes in companies. Risk management departments and readymade solutions, such as insurance policies protecting businesses from costly consequences of cyber attacks, will gain importance,” explains Piotr Rudzki, Senior Broker, Financial & Professional Lines, Aon Poland.
Do Companies Have a Cyber Risk Management Policy?
Aon also checked whether Polish companies are prepared for the threat of cyber attacks and if they have implemented a policy for managing this risk. It turns out that currently only just under 43% of domestic enterprises have implemented a plan or conducted a formal risk review, which includes risk quantification and assessment, financing solutions calculation, continuity plans development, and risk management prioritization. This is still a small percentage compared to nearly 89% globally.
Insurance Only For Companies Consciously Managing Risk
A cyber risk policy will be a helpful risk transfer tool for businesses. All attack costs can be insured, including administrative fines or the very amount of ransom expected by hackers. The policy can also assure access to services of legal firms, forensic IT specialists or even a company specializing in PR services, as reputation loss can prove to be equally costly. Yet, access to cyber risk insurance offerings is limited.
“Companies whose IT security budgets are inadequate may encounter refusals from insurers. Those who consciously manage this risk should find it a bit easier. However, they should not only demonstrate the possession of antivirus or firewall systems but also, for example, whether they have multi-factor authentication, regularly back up and test these backups, encrypt critical data and data in transfer, apply patch management procedures, possess BCP/DRP continuity plans and train staff in online work safety and hygiene,” adds Piotr Rudzki.
Every day in Poland, there are incidents of cyber attacks. There is currently no industry that can feel safe without implementing appropriate measures to counteract their effects. The scale of the problem in the country, and worldwide, currently places cyber attacks as the most critical threat to the economy and the most important from the perspective of the risk management industry.