Cybercriminals have become a threat to the global economy. Cybercrime could cost companies 10.5 trillion dollars in 2025, an amount that includes the profits made by hackers through various means, according to an article published recently on the specialized blog of the manufacturer of antivirus solutions Eset.
Cyber security specialist Tony Ascombe said: "Many smaller organizations are turning to cyber risk insurance, both to protect themselves against the costs of a potential cyber incident and to benefit from the extensive post-incident services that insurers offer ( ...) The evolution of ransomware is a prime example: from extorting consumers or individual devices, to disrupting entire businesses by extracting data and threatening to sell or expose it publicly, and even blackmailing a company into reporting an incident of data leak, to regulatory bodies, when they refused to pay a ransom. Cybercriminals, or at least some of them, are innovative in their thinking and entrepreneurial when it comes to making a profit. (...) Statistically, it is cybercrime is expected to cost companies $10.5 trillion in 2025. This astronomical figure includes the profits made by cybercriminals through various means (from simply defrauding a consumer to blackmailing a hospital disrupted operational activity)". According to him, the threat to business is real, and an example of this is the recent ransomware attack on Change Healthcare, which led the parent company to report that the incident cost it $900 million, but expects it to reach 1 .6 billion dollars. The expert also pointed out: "These figures are scary and, while enterprises may be able to absorb these costs, smaller businesses may find themselves in the difficult situation of not financially surviving such an incident. Organizations more small schools are by no means immune to cyberattacks, for example, Finham Park School in Coventry, UK, which educates a significant number of students (1,500), has been hit by cyberattackers three times.Human behavior is a factor decisive in cyber attacks, with most incidents starting with some form of social engineering.For 15 years, the "use strong passwords and don't enter links" message has been promoted by national cyber protection organizations around the world, with limited success .Cybercriminals continue to perfect the art of deception and trick their victims into handing over login details, transferring funds or running malware attached to an email." In Ascombe's view, cyber security awareness training gives company staff a very useful refresher on the dangers, but "any major behavioral change will probably require a generation of employees who are continuously trained in cyber threats and on best practices to avoid them". Another major issue for many IT and cybersecurity teams is the flood of vulnerability disclosures, and the CVE database of known vulnerabilities continues to grow year on year. "The landscape is becoming more complex as both defenders and attackers turn to automation and AI tools to increase efficiency.
In this context, many businesses and small organizations turn to cyber risk insurance, both to protect themselves against the cost of a possible cyber incident, and to use the extensive post-incident services that insurers offer. At the same time, cyber insurance could signal to cyber criminals that the organization is willing to pay ransoms, as it is insured, according to the specialist.