The number of Italian individuals targeted with Paragon spyware over WhatsApp could be far higher than currently known according to Citizen Lab, a human rights organisation that has investigated spyware abuses since 2012.

To date, 90 individuals, journalists and activists around the world have been told by Meta they had been targeted. Citizen Lab told the European Parliament it has found evidence of the spyware use in Italy, Australia, Canada, Denmark, Singapore, Israel and Cyprus.

There has been outrage in Italy, leading to calls for an official investigation and mounting concerns about illegal surveillance and press freedom in the country.

The Citizen Lab research group at the University of Toronto conducted an analysis of attacks involving spyware developed by Israeli company Paragon Solutions, which led to the discovery of a zero-day vulnerability in Meta’s WhatsApp communications application. Paragon has been around since 2019 and its spyware is called Graphite.

WhatsApp’s investigation traced the attack to Paragon which has a $2 million contract with US Immigration and Customs Enforcement.

The abuse of commercial spyware highlights the growing cyber risks businesses face as many companies of different sizes rely on digital communication platforms such as WhatsApp, making them potential targets for surveillance, data breaches, and cyber-attacks.

The European Commission’s response to spyware concerns has faced criticism, with MEP Saskia Bricmont advocating for stricter regulations and increased action against illegal surveillance. Businesses operating in the EU must ensure compliance with evolving data protection laws, such as the General Data Protection Regulation (GDPR), to avoid substantial fines and reputational damage.

With cyber threats increasing in complexity, businesses must adopt a proactive risk management approach, incorporating cybersecurity measures and comprehensive insurance coverage.

There are a range of business insurance solutions to mitigate risks posed by these threats including:

• Cyber Insurance – Protects against financial losses resulting from cyber-attacks, data breaches, and unauthorised access to business systems.

• Data Protection Infringement Cover – Covers liability arising from the misuse or unauthorised disclosure of sensitive data, including breaches caused by spyware.

• Errors & Omissions (E&O) Insurance– Provides coverage for businesses facing claims related to professional negligence, including security failures leading to data compromise.

• Directors & Officers (D&O) Liability Insurance – Shields company executives from personal liability in the event of regulatory investigations or legal action due to cyber incidents.

• Business Interruption Insurance – Assists with financial losses incurred due to operational disruptions following a cyber-attack.

W Denis Europe arranges comprehensive insurance for EEA based businesses, large and small, including, Data Protection Infringement Cover, Cyber, Errors & Omissions, Directors & Officers Liability and much more. If you wish to discuss your insurance requirements, please visit www.wdenis.eu or contact:

Eastern Europe

Vida.Jarasiunaite@wdenis.eu

Southern Europe

Christos.Hadjisotiris@wdenis.com

Western Europe &/or elsewhere worldwide

Mark.Dutton@wdenis.com