Neglecting cybersecurity has a price and it is getting higher. The average cost of cyber attacks on Spanish companies has doubled in the last year, going from 54,388 euros in 2020 to 105,655 euros in 2021. In addition, this figure is above the world average, which stands at 78,409 euros, as concluded in the sixth Cyber-preparedness Report 2022 presented by insurance company Hiscox.
A study in which more than 5,000 organizations from eight different countries (United States, United Kingdom, France, Germany, Belgium, Spain, the Netherlands and Ireland) have participated and, in seven of them, cyber attacks are perceived as the greatest threat for business, above the pandemic, the economic recession or the shortage of qualified personnel. “It gives us an idea of the extent to which companies are aware that cybersecurity affects their financial solvency more and more and is no longer something simply worrying, but rather has to be put on the table and in our day to day” , assured Hiscox’s cyber collaborator Fernando Conde.
In Spain the proportion of companies attacked decreases
It should be noted that Spain is the only country where the proportion of companies attacked has decreased in the last year, from 53% to 51%, although Conde warned that many of them are not aware that they have been attacked. In fact, only 2% of Spanish companies consider themselves experts in this field, while 30% qualify as “cybernovices”. In addition, they spent an average of €17.7 million on information technology (IT), but only 24% of that budget was spent on cybersecurity (2% more than in 2021).
In addition, most of these attacks have reached organizations through the compromise of corporate email, which has positioned itself as the first route of entry, with 41% of cases. It is closely followed by attacks on cloud servers (38%), corporate servers (38%), employees’ personal mobiles (29%) and company ones (27%).
In this sense, the report reveals that the implementation of teleworking from one day to the next without taking into account the relevant security considerations has also influenced a change in the focus of the attacks.
The cost of the ransom
On the other hand, ransomware attacks are among the most feared by businessmen because they have many associated costs beyond the mere recovery of systems. In the specific case of Spanish companies, 64% decided to pay the ransom demanded by cybercriminals, 20% more than they paid last year. Even so, the percentage of ransomware victims who gave in to extortion is much higher in countries such as the United States (84%), Ireland (80%) or the Netherlands (79%).
The payment for all the bailouts has cost Spanish companies an average of 19,400 euros, a figure that could endanger the viability of the business in certain companies. To this price must be added the cost of recovering from attacks of this caliber suffered last year, which stands at an average of 10,843 euros in Spain. And the worst thing: paying the ransom does not mean ending the threat, since 47% of companies suffered another ransomware attack as a result of paying the previous one.