Cyber Survey 2018: companies are (still) failing to protect themselves adequately from cyber risks

Cyber is a hot topic: In 2018, the year of the GDPR, everyone will have had their ears bombarded by terms, such as "data protection", "data leak" and "cryptolockers". There has been a clear increase in awareness among Belgian companies of cyber risks, but this still does not result generally in preventive measures being taken. That is the most important conclusion of our 2018 Cyber Survey. Curious to read the full results? Find them here.

Cyber Survey 2018: companies are (still) failing to protect themselves adequately from cyber risks

12% do not have back-up and recovery procedures

There are 4% fewer respondents that have a back-up of their internal, critical systems than in the 2017 survey. This is an extraordinary result. We would expect companies generally to have taken steps to create back-ups in order to guarantee the continuity of their business. A back-up is vital, not only in the event of a cyber attack, but also, for example, of a power cut or a human error. Back-up and recovery procedures are an absolute must for every company and are also an essential part of the Business Continuity Plan (BCP) for your business. As a company, you cannot afford to be out of action for a few hours, or even worse, for a few days.

28% do not update their security products daily

We note a positive trend in our Cyber Survey, in that: there are more respondents that update their security programmes consistently than last year. But only 72% do it daily. There really are still 10% of respondents that only update their security programmes once per year. You need to be aware that this makes your firm far more vulnerable to cybercrime. Updating your security products regularly is also a relatively simple and cheap way to obtain the best possible protection for your critical systems. We urge you in the strongest possible terms to do this.

47% do not raise employees' awareness of cybercrime

This is a very disturbing finding. Given that people are the weakest link in the cybercrime chain, we advise every firm to do more to raise awareness and to organise training sessions for employees. Increasing awareness among employees should today be every company’s top priority when it comes to cybercrime. Think about phishing mails, which all too often land straight in the inbox of one of your uninformed employees and open the door for cybercriminals to hack into your firm and steal your data. That is why it is necessary to inform all your employees about the security measures that you have taken as a firm, and the instructions these involve. From our study, it seems that 37% of respondents today do have a policy concerning cybercrime, but only 16% have also invested in training courses.

1% have never heard of the GDPR

Here we see a spectacular drop in the numbers: while 36% of respondents to our Cyber Survey last year had never heard of GDPR, this number has now dropped to 1%. Our target group has clearly been adequately informed about the GDPR over the last year. It is striking that, although almost every firm states that it is aware of it, there are still 10% of respondents that have not taken any steps to make themselves compliant with this new legislation. This was confirmed by many surveys that have appeared recently in the media, which show that only a minority of companies were fully compliant with the GDPR on 25 May.

44% do not have a person who is responsible for security and privacy

Although we see a drop of 6% compared to 2017, we note that more than half of our respondents still do not have a Data Protection Officer (DPO). This can be explained by the type of companies that took part in our survey: the majority of our respondents are production companies. They consistently do not have an internal DPO, but instead outsource this responsibility. We believe that the number of DPOs is much higher in the services sector in Belgium. We also note that the number of companies that are still looking for a DPO in the job market is decidedly high.

12% were the victim of cybercrime in the last year

The 1% increase over 2017 is apparently insignificant. But what must absolutely not be underestimated is the scope and seriousness of the most recent cyber attacks. Both in the cases published in the media, and in those that Vanbreda has dealt with over the past year, we see increasingly complex and large-scale incidents of cybercrime with far-reaching operational and financial consequences. A good example of this is the Wannacry virus, that cost one of the largest shipping companies in the world nearly 300 million euros last year. The shipping company also suffered loss of business of several million euros as a result of this cyber attack and has seen its market share fall considerably.

30% currently have a cyber insurance policy

Almost one third of respondents have already signed a cyber insurance policy through Vanbreda. A further 30% of respondents are considering taking out a cyber insurance policy in the near future. The fact that sixty per cent of respondents now have this kind of policy or are considering taking one out is a huge change from just 5 years ago. Our respondents today are clearly focussing actively on this issue. We believe the growth in interest in a cyber insurance policy is due to 3 factors: the legislation, the crucial role of IT today in almost all businesses and the nature of incidents.

Cyber insurance is no longer a specialist product

According to our cyber experts, this result is also the strongest proof that cyber insurance is no longer regarded as a specialist product. It is increasingly becoming the norm and, for many companies, it is now part of their basic insurance package. Insurers confirm in addition that cyber is the fastest growing insurance product of the last few years. There are now several hundred companies that protect themselves through Vanbreda against the cyber criminals by means of a cyber insurance policy. These companies come from very different sectors, ranging from financial institutions to production companies and hospitals.

We are there for you.

We are happy to prepare a bespoke proposal for cyber insurance for your firm. To make sure this insurance solution is a good fit, we would like to have a clear picture of how your firm currently protects itself against cybercrime. You can complete the questionnaire here, so that we can provide you with a suitable proposal.

For more information, call us on + 32 (0)3 292 00 13 or contact us at cybersecure@vanbreda.be.

Subscribe to our newsletter.