Less than 1% of companies have insurance against cyber-attacks

MDS, a Portuguese multinational risk and insurance consultancy, estimates that “less than 1%” of Portuguese companies have insurance protection against cyberattacks, according to an analysis released on Friday.

According to the study ‘MDS Research: Economic Situation in Portugal’, “Portuguese companies are unprotected against the impacts of cyberattacks, despite more than a third of entrepreneurs and managers identifying cyber risk as one of the main risks they face.”

MDS estimates point “to a residual penetration of cyber risk insurance in Portugal, with less than 1% of companies having this important risk transfer tool”.

Cyber risk insurance allows companies to cover expenses to combat cyber-attacks and compensate for losses in the event of business discontinuities, and secure the resources to get them back up and running.

“But it can also include a robust solution of attack prevention and monitoring services, urgent response in the event of a claim, as well as access to networks of computer specialists and forensic experts with proven experience in handling claims,” MDS says.

“Cyber insurance is an excellent tool for risk management, but companies are still not taking advantage of this opportunity to strengthen their protection and ensure the continuity and sustainability of their business,” says technical and claims director at MDS Portugal, Pedro Pinhal, quoted in the statement.

According to Pinhal, “recent attacks in Portugal highlight the importance of this protection, which is essential and complementary to technology protection solutions. Cyber insurance does not replace or exclude security mechanisms and effective incident response plans, nor do these make insurance unnecessary or redundant.

Although the prominence given to the risks of cyber-attacks has caused “an accelerated increase in demand for cyber insurance”, many companies “still have little sensitivity to its real importance, as they tend not to insure the totality of the risks,” MDS says.

Among companies that have bought the policy, “several often question its usefulness and have preferred to reduce capital to maintain insurance premiums, reducing their protection,” it highlights.

“The adoption of remote working and the growing number of attacks that came to light at the beginning of the pandemic have fuelled this concern, which is snowballing in the face of recent events, particularly in the telecommunications sector, as they have affected not only the target company but also its customers, who are no longer able to do business,” MDS points out.

Portugal is among the 30 countries with the most significant number of cyber-attacks worldwide, according to data from Kaspersky, estimating that the impact of cybercrime worldwide exceeds USD 20 billion (around €17.5 billion at the current exchange rate).

Since the year began, there has been a wave of cyberattacks in Portugal, from the Impresa group to Vodafone last Monday, which affected the operator’s network and its four million customers.

The attempted cyberattack on media group Trust in News, owner of several magazines, including Visão, was one of the cases reported on Wednesday.

On Thursday, the Germano de Sousa Laboratory Medicine Centre Laboratories were the target of a cyberattack but are working normally, the owner of the laboratory network told Lusa.

Meanwhile, the European Union Agency for Cybersecurity (ENISA) told Lusa it is “closely monitoring” recent cyberattacks in Portugal and is providing support to the Portuguese emergency response team member of the European network.