Hiscox launches card game to educate businesses on cyber security

No Phish was inspired by Hiscox’s fifth annual Cyber Readiness Report, which reveals that the number of cyber attacks perpetrated against businesses rose from 38% in 2019 to 43% in 2020, with one-in-six of those firms attacked venturing that their very survival was threatened as a direct result.

The deck of 36 cards, available to download and print from the Hiscox website, contains card types like viruses, ransomware and business e-mail compromise, each of which are combated by security cards like multi-factor authentication, back-ups and employee training.

During a game, players take turns in playing malicious attack cards and responding with security cards to simulate the issues and types of incidents that a business may face in the real world. The first player to divest themselves of all of their cards is declared the winner.

While specific security cards are designed to respond to particular threats, such as multi-factor authentication combating the business e-mail compromise card, players can reveal a ‘secret weapon’ that may be played against any threat (that weapon being higher IT budgets).

The Cyber Readiness Report found that cyber spending has increased to meet the challenge brought on by the pandemic, with the majority (ie 63%) of companies surveyed dedicating 21% of their IT budget to the concentrated task of preventing cyber attacks.

The Cards of No Phish

Multi-factor authentication: A security precaution which grants a user access only after presenting evidence from two or more devices. Pairs with the business e-mail compromise card

Anti-virus: Security software that detects instances of malware and protects your system from attack. Pairs with the virus card

Employee training: The number of businesses mentioning increased spending on training in 2021 is down 40% to 32%. Pairs with the phishing card

Back-ups: Backing-up your data frequently online and offline provides you with a back-up plan should your system be compromised. Pairs with the ransomware card

Virus: 31% of firms affected by a cyber attack had to deal with a virus infection. Pairs with the anti-virus card

Phishing: 28% of businesses identified phishing as the first point of entry for a cyber attack they experienced. Pairs with the employee training card

Ransomware: One-in-six firms attacked were hit with a ransom and more than half (58%) paid up. Pairs with the back-ups card

Business e-mail compromise: 28% of firms had to deal with payment diversion fraud arising from business e-mail compromise. Pairs with the multi-factor authentication card

Secret weapon: The No Phish trump card allows you to play your turn no matter what card is played

Greater risk

Stephen Ridley, cyber underwriting manager at Hiscox UK, commented: “The pandemic has presented greater cyber security risks for UK businesses. It’s now more important than ever for all of us to have a fully rounded understanding of the cyber threats businesses face. With more people working from home, we thought it was the perfect opportunity to do something different, which is why we created a card game.”

Ridley continued: “No Phish provides us with a unique way of introducing new audiences to the fundamentals of cyber readiness and we very much hope that it serves as both an entertaining and educational experience.”

He concluded: “We know that this threat isn’t limited to particular countries. While it’s evident that UK businesses are continuously investing in cyber defences, it’s important that increased investment continues to prevent grave financial losses.”

*Hiscox’s No Phish card game and a full breakdown of the rules can be found at the following URL: https://www.hiscox.co.uk/business-blog/no-phish-cyber-awareness-card-game

**A full copy of the Hiscox Cyber Readiness Report 2021 can be accessed online at https://www.hiscox.co.uk/cyberreadiness