Font Size: A A A


The Cards of No Phish

The insurer Hiscox has launched a card game. The aim, to help businesses learn about cyber readiness. No Phish arose out of the firm’s fifth annual Cyber Readiness Report, which suggested the number of cyber-attacks against businesses rose in 2020, with one in six firms attacked saying its survival was threatened.

The deck of 36 cards, for download and print from the Hiscox website, contains card types like viruses, ransomware and business email compromise, each of which are combated by security cards like multi-factor authentication (MFA), back-ups and employee training. During a game, players take turns playing malicious attack cards and responding with security cards to simulate the issues the types of incidents a business may face. The first one to get rid of all of their cards is declared the winner.

While specific security cards are designed to respond to particular threats, such as multi-factor authentication combating the business email compromise card, players can reveal a secret weapon that can be played against any threat: that weapon being higher IT budgets.

The report found that cyber spending has increased to meet the challenge brought on by the pandemic, with a majority (63pc) of companies surveyed dedicating 21pc of their IT budget to preventing cyber-attacks. About the cards:

Multi-factor authentication: A security precaution which grants a user access only after presenting evidence from two or more devices. Pairs with the business email compromise card.
Anti-virus: Security software that detects instances of malware and protects your system from attack. Pairs with the virus card.
Employee training: The number of businesses mentioning increased spending on training in 2021 is down 40pc to 32pc. Pairs with the phishing card.
Back ups: Backing up your data frequently online and offline provides you with a back-up plan should your system be compromised. Pairs with the ransomware card.
Virus: 31pc of firms affected by a cyber-attack had to deal with a virus infection. Pairs with the anti-virus card.
Phishing: 28pc of businesses identified phishing as the first point of entry for a cyber-attack they experienced. Pairs with the employee training card.
Ransomware: One-in-six firms attacked were hit with a ransom and more than half (58pc) paid up. Pairs with the back ups card.
Business email compromise: 28pc of firms had to deal with payment diversion fraud arising from business email compromise. Pairs with the multi-factor authentication card.
Secret weapon: The No Phish trump card, allows you to play your turn no matter what card is played.

Stephen Ridley, Hiscox UK Cyber Underwriting Manager, said: “The pandemic has presented greater cyber security risks for UK businesses, and it’s more important than ever for all of us to have a fully rounded understanding of the cyber threats businesses face. With more people working from home, we thought it was the perfect opportunity to do something different, which is why we created a card game.

“No Phish provides us with a unique way of introducing new audiences to the fundamentals of cyber readiness and we hope it serves as both an entertaining and educational experience.

“We know that this threat isn’t limited to particular countries, and whilst it’s evident that UK businesses are continuously investing in cyber defences, it’s important that increased investment continues to prevent grave financial losses.”

For the card game and a breakdown of the rules visit:
For a full copy of Hiscox’s Cyber Readiness Report 2021 –


Related News