LATAM suffers 1,600 cyberattacks a second
Cybersecurity, still emerging, is a strategic ally in facing this danger. In Latin America and the Caribbean alone, about 1,600 cyberattacks on companies occur every second, according to a data projection collected in different reports from Fortinet and Kaspersky analyzing this type of crime in the region.
The economic and social cost of these crimes, which have increased dramatically in number in recent years as cyber criminals exploit the weaknesses of many IT and security systems in the face of the work from home culture that evolved as a result of the pandemic, continues to grow. Security measures to counter these threats have also exploded in number, and demand for them seems to be limitless.
The pandemic outbreak, with the subsequent rise in teleworking and remote connections, brought with them a very considerable increase in cyberattacks, which may have very significant consequences in an economy where small and medium enterprises represent 99.5% of all companies in the region. The fact that, according to the United Nations Development Program (UNDP), these companies employ about 60% of the working population and contribute 25% of the region’s Gross Domestic Product (GDP), illustrates real need to protect the assets of these companies against possible cyberattacks.
E-commerce will be the lever of growth for Central American small and medium enterprises (SMEs), as per a report from the Regional Center for Promotion of Micro, Small, and Medium Enterprises (CENPROMYPE), which estimates that more than half of these companies see the rise in digital business as “very important” or “extremely important.” Protecting this type of company is vital for the development of the economies as the extreme consequences of a cyberattack could result in the destruction of this industrial fabric and would drag down the economy of the entire subcontinent.
Logically, the countries with the highest rates of cyberattacks are those in which the economy is the most potent. Brazil accounts for almost half of these crimes in the region, followed by Mexico, with a rate of close to 23%. Colombia and Peru, with 8% and almost 6% respectively, are the countries with the next highest number of cybercrimes, according to a study of Vecdis, a Kaspersky database.
Prevention is the first measure to avoid this type of attack, although it is revealing that only 15% of Latin American companies have implemented security measures on their employees’ mobile devices, and this is precisely where a large number of cyberattacks are carried out.
No one is immune from cyberattacks of this kind, and as insignificant as they are, the consequences could be immense. A small business, such as a hardware store for example, may be the gateway through which cybercriminals can sneak in an infected file that could end up affecting its suppliers, disabling or altering the ordering systems, leading to a domino effect that, in just minutes, affects not just a specific business, but an entire supply chain.
As the old expression goes, “Prevention is better than the cure”, and across the region, cybersecurity has become a priority investment for many companies, both in terms of implementing preventive measures and spending big on sophisticated threat detection and repelling solutions.
The cost of cybercrime is immensely high, but as with most criminal activity, the actual cost is difficult to accurately ascertain. Some reports make reference to a cost of over one trillion dollars for the global economy in 2020, and there are others that cite the expected cost as reaching 10 trillion dollars by 2025. Regardless of the rhythm of growth, it’s clear that investment in IT and system security will increase significantly as part of an attempt to ward off this growing threat, but this will be insufficient to contain cyberattacks.
In fact, in a single year, from 2019 to 2020, investment increased considerably. Kaspersky estimates it has gone from representing 22% of the total IT budget of SMEs in Latin America to 30%, despite the fact that half of the companies acknowledge experiencing difficulty in making investments that allow them to improve their cybersecurity, even more so in times of crisis such as after the global pandemic, which has had a disproportionate effect on SMEs. However, according to Analysys Mason, one of the world’s leading management consultancies focused on telecoms, media and technology (TMT), cybersecurity expenditure for SMEs in Latin America will reach 6.3 billion dollars by 2025, far short of the estimated 27 billion dollars set to be spent by their counterparts in North America, but practically double the level for SMEs in Central and Eastern Europe.
The role of insurance in affording protection against the unforeseen is a storied one, and nowadays the sector finds itself adapting once again as it seeks to help companies protect themselves in the face of cyber threats. Coverage of losses due to business stoppages resulting from cyberattacks or from third-party claims, data loss, recovery and recreation, loss of transferred funds, reputational damage and legal assistance are just some of the coverages now offered within comprehensive cybersecurity insurance solutions.
Cyber insurance is very much an emerging market, especially in Latin America, where overall insurance penetration is still low (3% of GDP in 2021, according to the latest data from MAPFRE Economics), particularly when compared to the European and North American market. However, it is precisely in developing economies where the work of insurance protection is, if anything, more important. Cybercrimes may still be considered relatively new risks in constant and rapid evolution, as yet with little statistical history.
The legislation of each country and the peculiarities of the multitude of businesses mean that cyber insurance faces a slow evolution across this vast region. Latin America is a market with great economic potential, and as it grows and adapts to new realities, fending off attacks of this nature from criminals eager to capitalize on its growth will become a priority.
Cyber insurance is still a very small market when compared to the total volume of the insurance business – the segment was worth around 6.5 billion dollars in 2020 (compared to the global insurance market total of approximately 5.5 trillion dollars) but it is experiencing strong growth and looks set to reach just under 40 billion dollars by the end of 20208.
The question remains as to whether companies or the insurance sector will be able to tackle the cybersecurity challenge on their own. On the face of it, it seems almost insurmountable, given that the potential risk is of such a magnitude that it’s impossible for one single insurance company or one pool of companies to assume it. As the MAPFRE CEO Antonio Huertas recently declared, what’s needed is the creation of forms of public-private collaboration, where the States are involved. “Cybercrime is one of the largest risks threatening our society today. We are facing a global risk scenario against which no institution, agency, company, or government can consider itself safe,” he said during a recent presentation on the subject.
This type of collaboration will take time to gain momentum but creating transnational legislation that protects both companies and citizens could be the first step in fighting cybercrime.