Cyber attacks may seem like a remote and unlikely occurrence, but that simply isn't the case. While hacking used to be something seen mostly in movies, it's now more common than ever and no business is immune.
Despite media coverage of major hacks, such as the Equifax breach, many business owners still only take minimal measures – if they take any at all – to protect their companies. Unfortunately, cyber attacks often have devastating effects, often causing the affected businesses to close their doors for good.
In this article, we'll go over the risks of being unprotected, how to get protection, and how a cyber liability insurance policy can help.
How Vulnerable Are You?
A 2016 survey of small to medium-sized businesses revealed some startling statistics. First, only 14 percent of the 600 companies surveyed claimed to have highly effective systems in place to mitigate cyber attacks and correct vulnerabilities. Not surprisingly, then, half of these companies experienced breaches within the past year.
Second, while we mostly hear about high profile breaches at major corporations, it is small- to medium-sized businesses that are the most vulnerable, since they rarely have a dedicated IT staff and lack employee training, too. This makes them more susceptible to cyber ransom, phishing, malware, and e-commerce attacks (learn more in Why You Might Need Cyber Insurance – Even if You Run a Small Business).
Third, a 2017 Manta poll shows that 87.21% of business owners do not feel they are at risk of experiencing a data breach. The same survey, however, also shows that this confidence doesn't come from having secure systems: only 17% reported using antivirus software and only 14% use anti-malware software.
All of this points to the same conclusion: many businesses do not take the threat of cyber attacks too seriously, but they should.
Growth in Cyber Crime
According to Symantec’s April 2017 Security Threat Report, data breaches almost doubled from 2015 to 2016. Breaches exposed over 1.2 billion identities, with most attacks taking less than 2 minutes.
The variety of threats continually grows, too. Companies must stay abreast of the latest technologies and adopt best practices to protect themselves from cyber attacks. The Computer Crime and Intellectual Property Section (CCIPS) of the Justice Department states that “ransomware is the fastest growing malware threat.” But it is far from the only one.
According to 2017 IBM X-Force Threat Intelligence Index, spam emails increased fourfold in 2016, increasing the likelihood that employees receive phishing scams attempting to retrieve personal information, such as user names and passwords.
Malware infections also doubled from 2015 to 2016, mostly through Android phones. With more companies relying on mobile technology to connect employees and provide superior customer service, there is an increased need to take precautions. Regrettably, employees entrusted with sensitive information may use public Wi-Fi, fail to update their devices, not bother with antivirus software, or use simple and easily cracked passwords (for related reading, see How to Protect Against Identity Theft).
Even if a hacker does not use ransomware to extort money from your company, the costs associated with rectifying the situation are colossal.
Most states require customer, supplier, and third-party notifications which cost tens of thousands of dollars. Experiencing a hack can also seriously damage the trust you've built with customers, clients, and investors. If your reputation is harmed as the result of a cyber attack, you may need to hire a PR firm. And to deal with the situation effectively, you will need to hire lawyers, train employees, and develop best practices and procedures.
A major customer disruption can be financially catastrophic. Ponemon Institute's 2017 Cost of Data Breach Study found that each instance of records being compromised costs a company $225, for an average cost of $37k per breach. These costs are not easy to bear, and statistics from the National Cybersecurity Alliance indicate that 60 percent of small businesses close following an attack.
Recognizing the threat is the first step towards finding solutions. Naturally, establishing proper protocols and using up-to-date software is your first layer of defense. Industry experts such as Microsoft, Cisco, and Symantec recommend the following security measures for businesses.
- Inventory Current Technologies – Make sure you are using a firewall, anti-virus, anti-malware, and intrusion detection software
- Identify Valuable Assets – Understand what’s at risk and who can access your data to highlight any weaknesses in your systems and procedures; encrypt stored data to add a layer of protection
- Use Digital Certificates – Protect each website with an SSL security certificate from a trusted authority
- Budget for Security – Kaspersky provides a handy IT security budget calculator to help you determine how much of your budget should be allocated to cyber security
- Restrict Removable Media – Flash drives and removable hard drives simple and convenient, but they are also easily breached, lost, or stolen
- Filter Spam – Using spam filters on email servers removes unwanted emails from inboxes, reducing the likelihood that someone in your company will be the victim of phishing attacks
- Update Patches and Software – Defenses are only effective if they keep up with new threats, so make sure they are regularly updated
- Back Up Your Data – Ransomware can block you from accessing important customer data, so back up your information on a heavily encrypted, secure, off-site location
- Train Users – Educated users take fewer risks with your company's data
Cyber Liability Insurance
Businesses should also seriously consider purchasing cyber liability insurance to protect them if their defenses fail.
Cyber liability insurance can cover losses from a data breach, as well as crisis management costs. For instance, resolving hacks involves an investigation and remediation. You may need additional resources to handle customer notifications and to manage calls, too. Most states require notifications, but even if you operate in an area that does not demand it, it's a crucial step to salvaging your reputation.
Covered costs may also include cleaning infected devices and systems, legal fees and court attendance, and penalties and fines. Most policies also cover multimedia and media liability, such as a damaged website or social media account, or property right infringement to third-parties.
Cyber liability insurance also protects your business from extortion and fraud and the associated legal fees. You may also obtain coverage that provides credit monitoring services, protection for business interruption losses, and network liability costs if hackers access third-party data.
Protect Your Data
Your data is a very important asset. Cyber liability insurance is no longer something that would be nice to have; it’s become a necessary precaution.
As data breaches increase and become more sophisticated, it is more important than ever to ensure multiple layers of protection. Many data security experts claim that businesses should not wonder if a breach will occur, but when. With that kind of warning, additional insurance coverage seems like a reasonable and affordable measure.