During a recent panel discussion organised by GrECo Czech Republic, experts in insurance and cyber security examined the most critical cybersecurity challenges and strategies.
In today’s digital age, cybersecurity is no longer just a concern for IT departments or tech companies. It’s a critical issue that affects every business, regardless of industry. During a recent panel discussion organised by GrECo Czech Republic, experts in insurance and cyber security examined the most critical cybersecurity challenges and strategies. The insights shared were both eye-opening and essential for any business looking to safeguard its digital assets. Here are the top 10 key takeaways from the discussion.
1. Biggest Threat of Today: Data Breaches
According to the Allianz Risk Barometer, cyber risks have been cited for the third year running as the biggest threat to businesses. And no wonder – direct attacks, system outages or loss of customer trust can paralyse a business for weeks.
2. Most Vulnerable: Manufacturing Businesses
Manufacturing businesses are particularly vulnerable, with protection often weaker than at banks. As the panel noted, “A lot of companies don’t even have a lock on the door, let alone an alarm.” The result? Attackers go where there is the least resistance, making medium-sized businesses easy prey.
3. Biggest Weakness: Human Error
95% of all incidents are caused by human error. Often, it’s no longer a classic hack – it’s manipulation because attackers today don’t bypass systems, they bypass people. They use patience, psychology and technology.
These sophisticated techniques often create another barrier: Shame. Employees are often afraid to admit a mistake – and then companies deal with the fallout too late. Panelists agreed: those who have experienced an incident take cybersecurity seriously. Those who haven’t are taking a risk.
4. Changing Attack Scenarios
Attacks have evolved from quick and crude to sophisticated. A fraudulent email becomes an entire communication that looks like it’s from a colleague. Fake call centres or ‘romantic’ investment scams are no exception. Employees themselves are conned into sending money to fraudsters – believing they are saving the account or following management’s instructions.
5. Ransomware: Extended Downtime
“A few years ago, the downtime after a ransomware attack lasted an average of three days. Today it’s 22 days,” the discussion revealed. This means 22 days without billing, production, or communication, along with huge data and reputation recovery cost
6. Cost of Recovery
Some companies prefer to pay the ransom – even though insurance companies usually don’t cover it. Others bet on recovery, but even that can cost tens of millions. Restoring a single computer can cost between 30,000 and 40,000 EUR.
7. Artificial Intelligence: A Double-Edged Sword
AI has fundamentally changed the rules of the game. Attackers use it to make their messages look convincing, their code more efficient and their attacks faster than ever. What used to take hours, they can now do in minutes.
However, AI can also protect by detecting anomalies, analysing patterns of behaviour, and triggering timely alarms. Unfortunately, so far, attackers are using AI more nimbly than companies in their defences. And that needs to change.
8. Cyber Insurance: Limited Availability
Cyber insurance is not commonplace today. Most companies can’t get it because they don’t meet the basic security requirements like two-factor authentication, employee training, or secure backups.
Without adequate protection, a business could face millions in damages with no recourse. It is often debated whether the situation can be covered by directors and officers (D&O) liability insurance – but this is subject to proof of misconduct, such as failure to ensure basic guidelines or to train employees.
9. NIS 2 Regulation: New Obligations
Europe’s NIS 2 Directive is already clamouring at the door. The directive brings the obligation to put in place processes, oversight, incident management and other elements that companies have often overlooked until now. The result will be either improved protection – or punishment.
10. Common Mistake: Underestimating the Risk
One of the most common reasons for not addressing cyber risks is underestimating them. A cyber incident is 14 times more likely than a fire, yet almost every business has insurance against fire but not against cyberattacks.
Prevention Costs Less Than Recovery
Cybersecurity is not an IT project. It’s a question of strategy, leadership, and survival. Cybersecurity is not an expense. It’s an investment because prevention is always cheaper than damage control. Basic steps that business leadership can take today:
By taking these steps, businesses can better protect themselves against the ever-evolving landscape of cyber threats.
Panel members included:
HORIZON Risk Thought >> Fast Forward
The complexity of today´s risk environment is changing at an accelerating pace, making risk management even more challenging. We have created HORIZON, firstly as a print publication and now as a page for sharing the latest insights about ongoing transformations. Our risk specialists will continue to provide their expertise and knowledge to shine a light on the challenges of the future.
Gabriela Janečková
Head of Regions
GrECo International s.r.o.
T +43 664 962 39 18
Adam Jaroš
Head of Specialty
GrECo International s.r.o.
T +420 771 227 687
