Key Points
IT security is a complex topic, especially in recent times, as the rise of remote work and the accelerated digital transformation of businesses has led to a significant increase in vulnerabilities and weaknesses. Hackers and cyber-criminals exploit potential weak points to introduce malware in order to steal important data from companies and even slow down or disable their systems or networks.
To ensure optimal levels of protection in IT systems and networks, organisations need to implement two types of IT security systems: active security and passive security. What do they consist of? What are the differences between them? At RibéSalat, we explain it in detail.
What are active security and passive security?
Computer security, IT security or cybersecurity is the set of Information and Communications Technology (ICT) mechanisms and procedures designed to protect the confidentiality, integrity and availability of data and systems. It covers a wide range of systems and devices: hardware, software, networks and all types of computer equipment, including mobile devices (smartphones and tablets) and computers.
The importance of implementing active and passive security systems
Ensuring the security of digital data and information, and of the IT systems that process them, is difficult but essential. It is a challenge faced by all companies, regardless of their size, and by self-employed professionals.
Otherwise, they risk exposing the data they process to hackers and cyber-criminals who will use it for fraudulent purposes: selling personal data, making purchases or bank transactions without the owner's consent, identity theft, and so on. The consequences can include loss of customers and of the company's or professional's credibility, financial damage, and heavy fines and penalties. A further risk is digital sabotage, which can seriously affect the operations, profitability and effectiveness of the organisation.
In view of the serious consequences that a cyberattack may have for a company, it is essential to use the tools available and implement all the measures necessary to avoid this, both those that are preventive (active) and those that focus on dealing with the situation when there has already been a security incident (passive).
Difference between active and passive security
The difference between active and passive computer security is that the former tries to prevent the attack or incident before it occurs: it is proactive. Passive security, in contrast, refers to the measures the company takes once a security incident has already occurred, in order to contain it, recover and return to normal operation.
Below we list the main measures for each type of IT security.
Active security measures
- Installation of effective, up-to-date antivirus or endpoint protection (EDR) software on company equipment, networks and systems, to detect and block malware of all kinds (classic viruses are only one category, alongside ransomware, trojans and spyware).
- Design and implementation of effective policies for managing user passwords, credentials and authorisation, including multi-factor authentication (MFA).
- Cybersecurity awareness and training campaigns for all employees.
- Internal and external audits to detect vulnerabilities in systems and equipment, followed by timely patching and remediation.
- Regular backups of the company's software, applications, information and data, kept separate from production systems (offline or immutable) and periodically test-restored, so that they cannot be encrypted or deleted together with the originals.
Passive security measures
- Removal of malware from infected equipment using appropriate software, or reimaging the equipment where a clean-up cannot be trusted.
- Recovery of lost or damaged information from previously made backups.
- If a cyberattack has been detected, isolating the affected equipment from the network and keeping data in separate, independent repositories, to stop the malware from spreading.
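The "regular backups" item in the active list and the "recovery from backups" item above only work together if the backup has actually been proven restorable before the incident. The following script is an example added to this article (it is not RibéSalat's code) of what insurers and incident responders mean by a verified backup: it archives a directory, records a SHA-256 manifest of every file, then performs a test restore into a scratch directory and re-checks every hash, and it shows that a silently corrupted archive is caught. It assumes a Linux host with GNU tar and coreutils and absolute paths; the sample data it backs up is constructed inside the script.

```shell
#!/usr/bin/env bash
# Added example, not RibéSalat's code: a backup is only "verified" once a test
# restore has been performed and checked. Assumes Linux with GNU tar and
# coreutils (sha256sum, find, sort, xargs). Paths passed in must be absolute.
set -euo pipefail

# make_backup SRC_DIR ARCHIVE
# Writes ARCHIVE (tar.gz of SRC_DIR) plus ARCHIVE.sha256, a manifest of every
# file's SHA-256, so that a restore can later be checked file by file instead
# of trusting tar's exit code alone.
make_backup() {
  local src="$1" archive="$2"
  tar -C "$src" -czf "$archive" .
  (cd "$src" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum) > "$archive.sha256"
}

# verify_restore ARCHIVE
# Extracts ARCHIVE into a scratch directory and re-hashes it against the
# manifest. Returns 0 only if every file is present and unchanged; a truncated
# or tampered archive, or a manifest that no longer matches, returns 1.
verify_restore() {
  local archive="$1" scratch rc=1
  scratch="$(mktemp -d)"
  if tar -C "$scratch" -xzf "$archive" 2>/dev/null \
     && (cd "$scratch" && sha256sum -c --quiet "$archive.sha256" >/dev/null 2>&1); then
    rc=0
  fi
  rm -rf "$scratch"
  return "$rc"
}

# run_demo
# Builds a small constructed data set, backs it up, verifies the restore, then
# corrupts the archive the way a failing disk or a tampering attacker would and
# verifies again. Prints "ok" if the good backup passed and the corrupt one was
# caught, otherwise a description of what went wrong.
run_demo() {
  local work src archive good=no bad=no
  work="$(mktemp -d)"; src="$work/data"; archive="$work/backup.tar.gz"
  mkdir -p "$src/accounts"
  printf 'invoice,2024-01,1200.00\n' > "$src/accounts/ledger.csv"   # constructed sample data
  printf 'customer list\n' > "$src/customers.txt"                  # constructed sample data
  make_backup "$src" "$archive"
  verify_restore "$archive" && good=yes
  # Simulate silent corruption: keep only the first 100 bytes of the archive.
  head -c 100 "$archive" > "$archive.tmp" && mv "$archive.tmp" "$archive"
  verify_restore "$archive" || bad=yes
  rm -rf "$work"
  if [ "$good" = yes ] && [ "$bad" = yes ]; then echo ok; else echo "good=$good corrupt-detected=$bad"; fi
}

# Production use would be: make_backup /srv/data /backups/data.tar.gz
#                          verify_restore /backups/data.tar.gz || alert
run_demo
```

The manifest is what turns "the backup job exited 0" into evidence: tar can succeed on a disk that later returns garbage, and ransomware that reaches the backup share will happily encrypt the archive too. Keeping the manifest (or a copy of it) somewhere the backup host cannot overwrite, and scheduling `verify_restore` to run against the most recent archive, gives the "verified backups" evidence that insurers ask for in the sections below.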
Generally speaking, active security is considered the ideal option, as it aims to prevent the incident from happening at all. The most advanced prevention set-ups, recommended for companies holding particularly sensitive information (banking, healthcare, traffic control and other essential services), rely on specialised analysts who prevent and neutralise future cyberattacks with layered defences that combine knowledge of past incidents (threat intelligence) with real-time monitoring of multiple parameters.
Impact of cyberattacks on companies
IT security protects revenue, data, and continuity. When it fails, the impact translates into direct losses and knock-on effects on sales, operations, and compliance:
Loss of critical and financial data
- Exfiltration, encryption, or deletion of accounting information, intellectual property, and customer databases.
- Increased costs due to restorations, audits, IT overtime, and urgent acquisition of tools.
- Risk of incorrect decisions due to working with incomplete or manipulated data.
Reputational damage
- Decline in trust and increased customer churn, especially if the organisation handles personal data or payment information.
- Difficulty closing deals and higher acquisition costs due to increased commercial friction.
- Internal impact: demotivation and turnover if crisis communication is poorly managed.
Legal and regulatory costs (GDPR, LOPDGDD)
- Obligations to notify authorities and affected parties within strict deadlines (under the GDPR, the supervisory authority must be notified within 72 hours of becoming aware of a personal data breach).
- Potential sanctions and civil claims arising from cybersecurity breaches.
- Costs of legal advice, due diligence documentation, and updating policies and contracts.
Business disruption
- Downtime of key applications and services; performance degradation due to reactive responses.
- Technical teams diverted to containment and remediation tasks, causing a domino effect on projects.
- Loss of productivity and sales due to unavailability, bottlenecks, and long recovery times.
The role of cyber insurance
Cyber insurance transfers part of the financial risk of incidents that affect IT security. It does not prevent the attack, but it reduces the financial cost and accelerates the return to normal through specialised assistance.
What is cyber insurance?
It is a policy that protects against economic losses resulting from incidents that affect your IT security. To take out a policy, minimum maturity requirements are usually demanded (MFA, verified backups, patches, response plan), and the limits, sub-limits, and excesses are adjusted according to the risk profile. Let’s see exactly what it covers:
- Data and systems recovery costs: restoration from backups, environment reconstruction, forensic analysis and containment. It usually includes technical hours, tools and certified suppliers.
- Liability to customers or third parties: compensation for data breach, unavailability of services, or protection failures. It includes legal defence and negotiation with claimants.
- Legal costs and penalties: attorney fees, compliance with deadlines and formal communications. Some policies limit or exclude administrative sanctions, and whether regulatory fines can be insured at all depends on the jurisdiction: review the conditions.
- Incident support services: 24/7 support, response coordination, crisis management, and public communication. In ransomware attacks, support in assessing and managing extortion, always within the applicable legal framework.
Aspects to review before purchasing
- Limits per event and annual aggregates, sub-limits by item (forensic, PR, notifications).
- Excesses and waiting periods.
- Exclusions (internal fraud, known existing faults, serious breaches).
- IT security maturity prerequisites (MFA, EDR, patches, verified backups, response plan).
Prevention vs. coverage
It is important to note that insurance does not replace IT security: it covers the residual impact. An effective strategy combines controls and insurance, incorporating all the elements of active cybersecurity mentioned earlier.
The day half the world was encrypted: the WannaCry case
WannaCry was self-propagating ransomware (a worm) that spread from 12 May 2017 by exploiting a vulnerability in Microsoft's SMBv1 protocol (MS17-010, the bug targeted by the "EternalBlue" exploit), which Microsoft had already patched in March 2017. It needed no user interaction: any unpatched Windows host reachable on TCP port 445 could be infected, had its files encrypted, and was in turn used to attack other hosts. Within a few hours it affected over 200,000 devices in at least 150 countries, according to Europol and subsequent technical reports. Notable victims included NHS hospitals in the UK, where ambulances were diverted and appointments cancelled, and companies such as Telefónica and Renault-Nissan, which halted operations to contain the outbreak. Estimates of the global economic impact range from hundreds of millions to several billion dollars.
A common pattern among the hardest-hit organisations was a lack of basic cybersecurity controls: unpatched systems, no network segmentation (so port 445 was reachable between workstations and servers), and unverified backups, allowing the ransomware to move laterally and disrupt business continuity. In the NHS, official reports highlighted that insufficient preparedness and outdated IT practices amplified disruption and recovery costs, underlining the need for regular updates, audits and resilience testing. Propagation was largely halted only when a researcher registered the domain the malware checked before running (its "kill switch"), which no organisation could have counted on. The key lesson: organisations that maintained up-to-date patches, segmentation and recoverable backups drastically reduced the impact.
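The two controls that mattered most in the WannaCry case, patching MS17-010 and keeping TCP 445 from being reachable across segments, can both be measured with a single network sweep. The script below is an example added to this article (it is not RibéSalat's code and not the NHS's or Microsoft's tooling): it wraps nmap's `smb-vuln-ms17-010` NSE script and parses the normal nmap output into two lists, hosts that answer on 445 from wherever the scan is run, and hosts the script still reports as vulnerable. The live scan assumes nmap is installed and that the range `10.0.0.0/24` exists; the `SAMPLE_OUTPUT` it parses offline is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not RibéSalat's code: sweep a network range for hosts that
# still expose SMB (TCP 445) and that nmap's smb-vuln-ms17-010 script flags as
# unpatched. Assumes nmap is installed for the live scan; the range 10.0.0.0/24
# and the SAMPLE_OUTPUT below are constructed for illustration.
set -euo pipefail

# scan_ms17_010 RANGE
# Live scan: probes TCP 445 only and runs the MS17-010 check, printing nmap's
# normal output to stdout so it can be piped into the parsers below.
scan_ms17_010() {
  nmap -p445 --script smb-vuln-ms17-010 -oN - "$1"
}

# smb_exposed_hosts < nmap-output
# Prints the address of every host whose port 445 is open. Run from a
# workstation segment against the server segment, a non-empty list means SMB
# is reachable across the segment boundary, i.e. the path a worm would take.
smb_exposed_hosts() {
  awk '
    /^Nmap scan report for/ { host = $NF; gsub(/[()]/, "", host) }
    /^445\/tcp +open/       { print host }
  '
}

# vulnerable_hosts < nmap-output
# Prints the address of every host the NSE script reports as "State: VULNERABLE".
vulnerable_hosts() {
  awk '
    /^Nmap scan report for/ { host = $NF; gsub(/[()]/, "", host) }
    /State: VULNERABLE/     { print host }
  '
}

# Constructed sample of nmap output (three hosts): one unpatched with 445 open,
# one patched with 445 open, one with 445 closed.
SAMPLE_OUTPUT='Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|_    Risk factor: HIGH

Nmap scan report for fileserver.corp.example (10.0.0.9)
Host is up (0.0020s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Nmap scan report for 10.0.0.12
Host is up (0.0015s latency).

PORT    STATE  SERVICE
445/tcp closed microsoft-ds
'

# demo_exposed / demo_vulnerable: run the parsers over the constructed sample
# and return the addresses as one space-separated line.
demo_exposed()    { printf '%s\n' "$SAMPLE_OUTPUT" | smb_exposed_hosts | paste -sd' ' -; }
demo_vulnerable() { printf '%s\n' "$SAMPLE_OUTPUT" | vulnerable_hosts  | paste -sd' ' -; }

echo "hosts with 445 reachable from here: $(demo_exposed)"
echo "hosts still vulnerable to MS17-010: $(demo_vulnerable)"
# Live use against the real network: scan_ms17_010 10.0.0.0/24 | vulnerable_hosts
```

The two lists answer different questions. `vulnerable_hosts` is the patching backlog, and after the March 2017 update it should have been empty. `smb_exposed_hosts`, run from a segment that has no business reaching file servers, is the segmentation check: every address it prints is a host a single infected workstation could have reached on 445, patched or not. Hosts without SMB signing or with SMBv1 still enabled are worth a follow-up even when the script reports them as not vulnerable.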
Prevention and coverage combined
Cybersecurity requires an intelligent combination of preventive (active) controls and containment and recovery measures (passive). This reduces the likelihood of intrusions and limits their impact on data, operations, reputation, and regulatory compliance. However, no system is infallible: a well-designed cyber insurance policy enables a rapid response, funds recovery, and protects the organisation against claims and legal costs.
At RibéSalat, we help assess risks, define the IT security requirements demanded by insurers, and obtain the cyber insurance that fits your actual exposure. If you want to strengthen your protection and be prepared for incidents, contact us for personalised advice.
