According to a recent report by the Directorate General of the Treasury, 54% of French companies would have been the subject of a cyberattack in 2021. A figure on the increase this year, especially in the health sector, and even in nursing homes now. A commission to improve business insurance against cyber risk will begin work by the end of the month.
Cyber attacks have been steadily increasing for several yearsand the phenomenon was accentuated by the health crisis, while the dematerialization of companies accelerated, and new ways of working and consuming were adopted.
The risk is real and cyberattacks today are “likely to threaten the survival of a company”, notes the general management of the Treasury in a report made public last week. To achieve this, all of the players concerned were heard, including business federations, insurers, experts from the academic world and supervisors.
In this context of digitization of the economy, more than half (54%) of French companies would have been the subject of a cyberattack in 2021underlines the Directorate General of the Treasury in this report entitled “the development of cyber risk insurance”.
The health sector is particularly affected, and even nursing homes are not immune, nor service residences for seniors, as we have seen recently, with the cyberattack of an Ehpad in the Eure. The age and health conditions of collateral victims do not matter to hackers. A new type of threat that would do well for retirement homes and home help services, already tormented by the crisis in the recruitment of caregivers and life auxiliaries.
The health sector particularly affected by cyberattacks
In this type of attack, these are also citizens’ medical data that can be stolen, like their medical reports, their carte vitale. In total, more than 730 cyber incidents were recorded in the health sector in 2021, more than double the previous year according to a specialist interviewed in Les Échos on August 25.
For the first part of 2022 alone, at least 31 healthcare establishments were affected, indicates Anozr Way, a French start-up from Rennes specializing in the protection of people against cyber risks, in its third Ransomware Barometer (or ransomware). ) in France and around the world.
This continued during the summer, with in particular, in August, the cyberattack on the Sud-Francilien hospital center (all the hospital’s business software, storage systems and information system relating to admissions were made inaccessible).
Three days later, on August 24, it is the Franches Terres nursing home, in Beuzeville (Eure) who was faced with the encryption of his patient file, without an official ransom demand, however. The attack was fortunately limited, with only 10 computers and a single server affected, and without major impact for services or residents.
Corporate Cyberattacks: What Forms Do They Take?
Cyberattacks, which constitute a set of risks related to the use of digital technologies, have risen sharply since 2019, and this at several levels:
- At the level of their volume;
- At the level of their frequency;
- in terms of their complexity.
They may relate to the confidentiality, integrity or availability of data and information systems. The error can be human and unintentional (involuntary downloading of malicious software for example), or the fact of accident.
But it can also be, and it is often the case, a deliberate computer malice. It can therefore take several forms.
The different forms of intentional computer malice
These types of malice are very diverse. It could be :
- The attack of a hacker via software installing a computer virus (malware);
- An attempt to recover confidential information by posing as a known entity (phishing);
- Interception of communications on public wifi networks;
- Exploitation of flaws in software;
The risk of cyberattack is still very little insured according to the report of the general directorate of the treasury
Also according to the latest ransomware barometer from Anozr Way, published on May 30, 2022, France is the third country most affected by the phenomenon in the EU.
The start-up indicates that the possible payment of a ransom can amount to up to 128,000 euros on average per company. And this in addition to the cumulative loss of turnover (disrupted activities, additional human resources to respond to the attack, legal costs, etc.)
Despite this growing threat, cyber risk represents only nearly 3% of damage insurance premiums for professionals
For the Directorate General of the Treasury, this low percentage is a sign that companies (and in particular the smallest of them) are still struggling to understand this cyber risk.
This is particularly the case for the manufacturing industry, the most affected by the risk of cyberattack in France. Indeed, a majority of companies in the sector developed before the implementation of cybersecurity.
In its report, broken down into four axes, the Directorate General of the Treasury considers that it is essential to better inform policyholders of the extent of their guarantee.
She also offers that the filing of a complaint by the victim becomes compulsory in order to be compensated. This measure is also part of the orientation and programming bill of the Ministry of the Interior (LOPMI) presented on Wednesday, September 7 in the Council of Ministers.
She recommends that insurers better assess the risks. It also recommends improving risk sharing between policyholders, insurers and reinsurers (reinsurance is the insurance of insurance companies).
Finally, the launch of a task force dedicated to cyber risk insurance, with all the players involved, has been announced. She should begin her work at the end of September.
For further :
See the report of the Directorate General of the Treasury: Cyber risks: ways to protect companies
See the article from Les Echos of August 25, 2022: Cyberattacks: what risks for hospitals and their patients?
See Anozrway’s press release of May 30, 2022: Ransomware: in just 4 months, the number of victim organizations worldwide already equal to 50% of that of 2021
See the Parisian article of September 1, 2022: An Eure nursing home also victim of a cyberattack