Just one-tenth of Irish SMEs are insuring themselves against cyber attacks, a report has found — as British phone and electrical goods retailer Dixons Carphone fell victim to a second major security breach in the past three years.
Experts at Cork-based Apex Insurance estimate 10% of Irish SMEs currently have financial protections in place in the event of a cyber attack, but said that figure was likely to double in the next two years, as greater awareness of cybercrime took hold.
Europol, the EU-wide police network, has warned the global impact of cybercrime has risen to €2.5 trillion, making it “more profitable than the global trade in marijuana, cocaine, and heroin combined”.
A survey last year by British IT research firm Juniper found criminal data breaches will cost businesses a total of €7trn over the next five years, due to higher levels of internet connectivity and inadequate enterprise-wide security.
It found that SMEs were particularly at risk from cyber attacks.
Apex managing director, Theo Hoare said: “A key driver we believe that will have a big impact on the market are the tender requirements from large organisations.
“Bodies such as An Post have already made moves to make it compulsory for any business partners or suppliers to have cyber cover in place before they will agree to do business with them.
“We expect in the short to medium term that cyber insurance will be as relevant and as prevalent as other financial protections such as property, employers’ and public liability insurance.”
Dixons Carphone became the victim of a major cyber attack for the second time in three years after discovering unauthorised access to its payment card data.
Shares in Dixons Carphone, which issued a profit warning last month, fell more than 6%, taking year-on-year losses to 37%.
“We have taken action to close off this access and have no evidence it is continuing. We have no evidence to date of any fraudulent use of the data as result of these incidents,” the company said.
It said an investigation, which started last week, indicated there was an attempt, going back to July last year, to compromise data on 5.9m credit cards in one of the processing systems of Currys, PC World and Dixons Travel stores.
It said 5.8m of these cards had chip and pin protection and the data accessed contained neither pin codes, card verification values, nor any authentication data that would enable cardholder identification or purchases to be made.
However, it said 105,000 non-EU issued payment cards which do not have chip and pin protection had been compromised.