Think you’re immune from a cyber attack? Think again.
Here are a couple of stats that will keep you up at night, whether you’re a Fortune 500 company, or a small or medium-sized organization:
- 70% of cyber attacks target small businesses.
- 60% of hacked small and medium-sized businesses fail within six months following a breach.
Unfortunately, it’s no longer a matter of if your business will be impacted by a breach, but when. That’s because cyber schemes are evolving quickly and becoming more complex. For these reasons, the consequences of an attack are increasing at an alarming rate.
Ever smarter hacks
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. There are exceptions, but victims often quickly pay the ransom demand in order to regain access to their data, servers or computers. Ransomware attacks were virtually unknown 10 years ago. In the past two years, however, victims have paid more than $25 million in ransoms.
Ransomware is lucrative for criminals, which is why attacks on businesses grew tenfold from 2015 to 2016. Variations of ransomware and other cyberattacks grew 400% in 2016 alone.
Some of the more common variations include phishing and social engineering, and financial and personal data breaches. Some attacks occur as a result of employee carelessness, like losing a company laptop, or negligence, such as ignoring corporate controls on password updates. Many times, however, employees open files, links or emails that appear to be from legitimate sources, but result in a breach. Cyber criminals understand and prey on human weakness and business vulnerabilities.
There is no way to stop attacks from hitting a business, and they will only continue to evolve as hackers dream up new ways to compromise systems or steal data and sell it on the Dark Web.
Business priorities change by industry
All types of business are susceptible to an attack. Attacks may impact you differently depending on your business sector. The important thing to remember is that whether you’re a nonprofit entity, a professional services organization or a healthcare provider, you are vulnerable. Understanding how a cyber attack would impact your specific business is critical. Working with your IT Department and establishing a strong internal security plan is key to minimizing your exposure to an attack.
The consequences are real, but not just for your IT Department. In today’s climate, company officers and board members can be held accountable by shareholders and investors. Because they have a fiduciary responsibility for maintaining the financial stability of an organization, a risk management program that includes cyber insurance is a way of meeting that obligation.
Cyber attacks are almost inevitable, which makes them somewhat of a predictable business risk. Cyber insurance helps a business deal with the aftermath.
Here are six examples of some of the costs:
- Ransom demands
- Forensic costs
- Business interruption
- Reputational harm
- Public relations
- Legal advice
The moral of the story is that hackers know your vulnerabilities better than you do. They will always be 10 steps ahead. All businesses need to take a proactive approach rather than a reactive one, or suffer the consequences if they’re not properly prepared.
Wendy Caruso and Jennifer Sanborn are vice presidents in the Property & Casualty Practice at Corporate Synergies. The opinions expressed here are the writers’ own.