In recent years, the digital landscape of Cyprus has seen a significant rise in cyber threats, profoundly impacting businesses. In 2023, a staggering 45% of Cypriot companies experienced a cyber-attack, a testament to the growing sophistication and frequency of these digital threats.

A detailed breakdown of these incidents reveals that 35% were related to phishing scams, 19% involved impersonation or social engineering tactics, and 6% were attributed to hacking. These figures highlight the diverse nature of cyber threats facing businesses today.

The financial implications of these attacks are substantial. On average, companies incurred costs of around €9,500 for consulting services to identify and rectify the issues. The average loss from stolen funds stood at €9,000, while the expense of acquiring or upgrading necessary software reached about €25,000. 

Additional costs included overtime for restoring systems and data (€4,500) and lost revenue due to business interruption (€5,000), culminating in an average total cost of approximately €22,000 per incident. 

These statistics, provided by the Cyprus Digital Security Authority, paint a stark picture of the financial burden cyber-attacks place on businesses.

• Data Breaches: Unauthorized access to sensitive data, leading to its exposure or theft.

• DoS and DDoS Attacks: Disruption of service through overwhelming network traffic.

• MITM (Man-In-The-Middle) Attacks: Interception of communication between two systems.

• Phishing Attacks: Fraudulent attempts to obtain sensitive information through deceptive emails or websites.

• Ransomware: Malware that encrypts data, demanding payment for its release.

• Password Attacks: Unauthorized access attempts by cracking passwords.

• SQL Injection Attacks: Exploiting vulnerabilities in data-driven applications.

• URL Interpretation: Manipulation of URLs to redirect or deceive users.

• Web Attacks: Various forms of attacks targeting web applications or services.

Cyber insurance contracts in Cyprus offer a comprehensive range of coverages to safeguard businesses against diverse cyber threats:

• First Response Coverage: Immediate assistance following a cyber incident.

• Event Management (Core Coverage): Management and mitigation of cyber events.

• Privacy and Security Liability (GDPR Fines): Covering liabilities under GDPR.

• Cyber Extortion (Ransomware): Dealing with ransom demands.

• Network Interruption: Compensation for business disruptions.

• Network Interruption (OSP - Outsourced Service Providers): Coverage extends to incidents involving third-party service providers.

• Digital Media: Protection against digital media-related liabilities.

• Phishing: Cover for losses due to phishing attacks.

• Goodwill Restoration: Efforts to restore business reputation post-attack.

• Data Protection & Cyber Liability Insurance Coverage: Comprehensive coverage for data breaches and related liabilities.

• Telephone Hacking: Protection against unauthorized use of telecommunication services.

The cost of cyber insurance is influenced by multiple factors:

• Required Limit of Liability: Higher limits result in higher premiums.

• Business Activities: The nature of the business and its exposure to cyber risks.

• Company Turnover and Subsidiaries: Larger businesses typically face higher costs.

• Territorial Limits: Working with clients in regions like the USA, Canada, and the UK increases costs due to higher litigation risks.

• Jurisdiction and Choice of Law: Preferences for legal jurisdiction and applicable laws can affect costs.

• Amount of Sensitive Information Processed: Greater volumes of sensitive data increase risk exposure.

• Third-Party Information Sharing: Sharing client information elevates risk levels.

• Outsourcing IT/Data Services: Dependence on third-party service providers can impact insurance costs.

• Presence of a Chief Privacy Officer: Companies with dedicated privacy officers may be seen as lower risk.

In conclusion, the escalating threat of cyber-attacks in Cyprus underscores the critical need for robust cyber insurance policies. 

By understanding the types of attacks, coverage options, and factors influencing insurance costs, businesses can make informed decisions to safeguard their operations in the ever-evolving digital landscape.

Pitsas Insurance was established in 1985 and was one of the first insurance companies in Cyprus. With more than 10,000 clients from 45 countries, the company is a pioneer of insuring expatriates and foreign businesses in Cyprus. Pitsas Insurance is the biggest providers of business insurance services to Cypriot, European and international companies. Among its clients are international software developers, investment and financial corporations, law firms, shipping and construction companies.