Now that cyber-attack damage is tax-deductible in the US, Business AM has investigated whether this may also be an option soon in Belgium.
Why is this important?Belgium is the country most vulnerable to ransomware attacks. With the increasing prevalence of cyber attacks, paying ransoms has become more and more expensive. Companies must now find a solution for the future.
Belgium is the country most vulnerable to cyber attacks. This is stated in the 2021 Electronic Readiness Report from insurers Hiscox and Statista. About 50 percent of Belgian companies have already experienced a cyber attack. “The majority of attacks are fraud attempts, such as phishing or extortion by fake Microsoft employees,” said Catherine Eggers, a spokeswoman for the Center for Cyber Security Belgium (CCB). But there are also reports of account hacks. “But there are also reports of account hacks,” said Catherine Eggers, a spokeswoman for the Center for Cyber Security. Belgium (CCB): “Ransomware.”
Ransomware is a technique used by criminals to hijack critical systems and data of a company. Then the company can’t operate until they pay the criminals a ransom.
One in five cyber attacks in Belgium are ransomware attacks. This makes Belgium the most digitally held country. Even three out of ten companies start paying. Belgian companies lose 100 million euros every year. However, according to the report, we spend the least money on cybersecurity.
Not tax deductible
Cybercrime is becoming more and more common, and companies are already calculating the damage from cyberattacks as a fixed cost. In the US, this week they found a solution. From now on, damage from cyber attacks becomes tax-exempt.
But what about Belgium? Hermann de Knig, director of the Fiscale Hogeschool in Brussels, doubts whether current legislation allows such a thing. “Within corporate income tax, an expense must meet a number of conditions in order to be deductible. For example, it must have something to do with professional activity. A company that has to pay a ransom because its IT systems have been compromised must be able to prove That spending is a professional activity. The question is: How do you do it? It’s hard to prove.”
“Cyber attacks often happen from abroad,” says De Cnijf. “For payments abroad, corporate income tax requires the identity of the recipient. In the event of a cyber attack, you don’t know who the recipient is. In that case, you can’t deduct the damage for tax purposes.”
Insurance is the best option
Paying the ransom to criminals may seem like a cheap option in the short term, but attacks are increasing every year. Electronic insurance is currently fairly cheap and can absorb the swipes that the company may have to take.
In this way, the insurance company can absorb the loss of income, but also the claims from victims of privacy leakage. In addition, ransoms and in some cases even administrative fines can be partially recovered.
Zombie specialist. Friendly twitter guru. Internet buff. Organizer. Coffee trailblazer. Lifelong problem solver. Certified travel enthusiast. Alcohol geek.