Login
You are...
Products
Business account A professional account with far more comprehensive services than a traditional bank Collection Cash your customers quickly and easily Accounting Anytime provides invoicing software, facilitates your accounting and helps you with administrative formalities. Financing Discover a wide range of services to support your growth. Whether you're self-employed or a large company, our solutions are tailored to your needs. Cash Management View the banking position of all your activities in real time. Put in place an analytical vision of your flows and give meaning back to your banking operations.
Mastercard business cards Discover the services and Mastercard cards available to you. Corporate expense management Capped Mastercard cards with employee rights management. Managing association expenses The dedicated solution for associations to manage their business expenses. Insurance and legal protection Insurance is included in cards or packages, and meets the needs of both the self-employed and large companies. Chartered Accountants To make your life easier and avoid errors in your declarations, entrust your accounting to chartered accountants.
Expense management
Rates

Cyberattack on a company: compensation conditional on filing a complaint

Published on March 23, 2023 by Pierre Belhache - 3 mins reading time
SMALL BUSINESSES Companies Cybersecurity Procedures

From April 25, a company that has been the victim of a cyber attack will have to file a complaint within 72 hours in order to claim compensation from its insurer. At least, that's what the Ministry of the Interior's orientation and programming law of January 24, 2023 specifies.

One company in two is the victim of a cyber attack

In 2022, almost one French company in two was the victim of a cyber attack, according to the CESIN (Club des Experts de la Sécurité de l'Information et du Numérique) Barometer.

In its annual activity report, GIP ACYMA (Groupement d'Intérêt Public Action contre la Cybermalveillance) notes an increase in online assistance requests. In 2021, more than 173,000 requests were submitted to the cybermalveillance.gouv.fr platform, an increase of 65% on the previous year.

These online assistance requests mainly concern :

  • phishing (31%),
  • account hacking (19%),
  • false technical supports (13%).

For professionals, ransomware accounted for 22% of attacks.

Cyber attacks affect companies of all sizes and often have disastrous consequences:

  • systems paralysis,
  • theft or loss of sensitive data,
  • creating security breaches,
  • exposure to blackmail,
  • damage to reputation,
  • commercial prejudice...

To cope with these risks, more and more companies are taking out cyber insurance.

Filing a complaint is a prerequisite for compensation

Article 5 of the French Ministry of the Interior's orientation and programming law changes the framework for cyber insurance. As of April 25, 2023, companies wishing to claim compensation following a cyber attack will have to file a claim within 72 hours. It should be noted that this rule only applies to companies and individuals in the course of their professional activity.

Initially, this controversial provision would have made reimbursement of a cyber ransom conditional on the filing of a complaint. However, in view of the government's instruction not to pay ransoms and the concerns of the industry, this provision was not adopted.

Tougher penalties

Article 6 of the law of January 24, 2023 amends the Penal Code by increasing the prison sentences and fines incurred by the perpetrators of cyberattacks. For hackers who fraudulently gain access to a data processing system, the prison sentence is now increased from 2 to 3 years, and the fine from 60,000 to 100,000 euros. For offences involving the modification or deletion of data contained in the system, the fine will now be 150,000 euros (previously 100,000 euros) and the prison sentence 5 years (previously 3 years).

The French Ministry of the Interior's "Loi d'Orientation et de Programmation" (Orientation and Programming Act) therefore includes new measures aimed at better punishing the perpetrators of cyber-attacks. Its provisions will come into force 3 months after its promulgation, on April 25.