It’s easy to watch world affairs and think they’re happening half a world away, so they don’t directly apply to business at home. However, we can’t just watch world events; we need to know how they impact us. World events are affecting our cybersecurity.
World Events Carry Potential Security Ramifications
But world events carry potential security ramifications and impact how we do business. We can no longer passively observe world affairs, nor take a bury-your-head-in-the-sand approach — these approaches are short-sighted. It takes proactive action when it comes to business security and the burgeoning cybersecurity threat.
Cyber-attacks are continually increasing, and everyone with an Internet connection is a possible victim. It’s no longer a matter of if an attack will happen; it’s a question of when a bad actor will target a company — your company.
Lower-Profile Businesses are the Low-Hanging Fruit, Ripe for Cyber-Infestation
Cyber-attacks make headlines when they involve high-profile companies, but it is the “lower-profile” attacks that companies need to consider. Even when cyber-attacks don’t make the headlines, they can still pose a significant problem for businesses of all types and sizes. Unfortunately, in the absence of regular headlines, many companies don’t keep the threat of cyber-infiltration top of mind.
Criminals Have Always Targeted People and Businesses
Remember that bad actors and criminals have always targeted organizations in our country and worldwide. However, today’s criminals, the “black hat cybers” (cyber-criminals), have learned well from the past, and they’re getting better and better at their craft.
According to the FBI, there are more than 4,000 ransomware attacks every day in the United States. But most of these don’t garner any headlines.
These attacks did not slow down amid the COVID-19 pandemic but instead accelerated. Unfortunately, it doesn’t appear they will subside any time soon. It’s a well-known fact that hard times in businesses or the economy will bring out more crime in every sector, and cybercrime and attacks are no different.
Pay Attention to Data Breaches
The Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report revealed that ransomware-related data breaches doubled in the last two years. At the current rate, in 2022, ransomware attacks could surpass phishing as the number one root cause of data compromises.
Companies are increasingly acting to protect themselves. But they can do more to safeguard their companies’ operations: they should be securing cyber insurance.
Why do Companies Need Cyber Insurance?
Many cybersecurity experts have predicted that bad actors could launch cyberattacks worldwide, especially in the United States. While their specific targets are anyone’s guess, no one, and no business, should leave their safety to chance.
Many companies make the mistake of thinking bad actors won’t target them. They might think they have a small staff or lack broad name recognition that can fly under the radar.
However, previous cyber-attacks have shown that hackers usually start small. They will often use an initial breach — targeting a company that doesn’t take its security as seriously as it should. Then, with many small successes, cybercriminals up their game and use newly acquired tactics as a jumping-off point to reach larger and higher profile targets.
Who Will Find and Exploit Your Businesses’ Weaknesses?
Unfortunately, no one is fully protected — and you want to protect your business, clients, and customers. Every customer has a weakness somewhere, and bad actors will find and exploit those weaknesses.
According to Hiscox, an international specialist insurer, roughly a quarter (23%) of small businesses suffered at least one cyberattack in the past year. The average financial cost to a small business was more than $25,000.
You Have Car and Homeowner Insurance — Now’s the Time for Cyber Insurance
While companies carry general liability and other more specialized insurance policies, many companies may not realize that those policies exclude cyber risks.
Considering the increased risks, many traditional insurance policies exclude cyber risks. As a result, companies need a separate policy to safeguard against a possible cyber-attack or breach.
How Does Cyber Insurance Differ From Regular Insurance?
As ransom attacks and cyber security threats have intensified, insurance companies, too, have changed their approach. So read any policy carefully and know what you are purchasing.
Cyber insurance protects businesses from Internet-based risks and from risks relating to information technology infrastructure and activities. Providers typically exclude these risks from traditional commercial general liability policies. Generally, cyber insurance may not be defined in traditional insurance products.
Purchase a Cyber-Specific Policy
Insurance providers have developed cyber-specific policies — but many insurers will not just offer a policy outright. Typically, companies must meet specific criteria to be eligible for coverage, and policyholders must maintain their eligibility annually.
Additionally, there may be specific dates when companies can renew their policies. While dates may vary from one insurance provider to another, key renewal dates for cyber insurance may include July 1 and August 1.
Yes, it may seem like double-talk, and buyer beware — but the fact remains that all insurance appears to have gone in this direction. Watch your policy carefully and ask for what you want — then read the policy to ensure you got what you specifically asked for.
How Can a Company Start the Process of Obtaining Your Cyber Insurance?
Every business needs cyber insurance, whether e-commerce, retail, state and local governments, or professional services. Many organizations may have IT professionals on staff but don’t necessarily have cyber security experts.
Companies must heed the warnings, stay abreast of the risks and proactively prepare.
Increasingly, companies are aware of cyber risks as news accounts regularly highlight high-profile cyber-attacks. But, unfortunately, many companies don’t realize their vulnerability until it is too late.
About a Third of U.S. Businesses Have Cyber Insurance
The good news is that many insurance companies are acting on the need and providing the needed coverage. About a third of U.S. companies have a standalone cyber insurance policy, according to the Hiscox Cyber Readiness Report 2021.
Insurance companies will require companies to secure a third-party assessment — a risk assessment or a cybersecurity gap assessment — to ensure they are doing the basic “blocking and tackling.”
Insurance Providers May Not Cover all Companies.
Insurers may deny coverage to companies that do not meet minimum standards to prepare for and defend against cyber threats. The specific criteria may vary slightly by provider.
Cyber insurance coverage may include data destruction, extortion, theft, hacking, and denial of service attacks. But the coverage extends beyond recovering a company’s infrastructure and could protect organizations against litigation and other liabilities.
Coverage could also indemnify companies for losses caused to others, such as from defamation or a failure to safeguard data. Other coverage benefits may include reimbursement for security audits, criminal rewards, and investigation expenses.
The First Step in Cybersecurity is to Take Action.
Many government agencies and industry associations have issued security frameworks, including the National Institute of Standards and Technology (NIST). These frameworks often include industry-specific standards, including the payment card industry (PCI), the Family Educational Rights and Privacy Act (FERPA), and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Increasingly, companies are worried about computers and their IT hardware, but it’s not their primary focus. These protocols can be confusing, and many companies don’t know where to start the process, so they don’t act.
Inaction is probably the biggest mistake a company can make.
Companies do not need to go it alone; businesses should partner with an expert who can help identify vulnerabilities and ensure their actions are effective and comprehensive. Companies can act to better position themselves to prepare for a cyberattack.
Credible third-party companies can conduct such an assessment and offer many of the insurance companies’ services. In addition, these assessments may make companies eligible for cheaper premiums as an added benefit.
Implement MFA, Encrypted Backups, and Endpoint Detection and Response (EDR)
Companies serious about organizational security should consider implementing multi-factor authentication (MFA), encrypted backups, and endpoint detection and response (EDR). Hybrid work has become the norm and will perhaps, more than anything else, become an issue needing regular security awareness training.
Nearly 90% of successful breaches are caused by human error.
Therefore, user training is essential to educate teams on proper cyber hygiene and how to identify possible cyberattacks they may encounter via email or on the web.
Companies should employ continuous training techniques to ensure cyber best practices stay top of mind, rather than training employees once or twice yearly.
You Don’t Have to Be or Have a Cybersecurity Expert
Acting does not require everyone to be a cybersecurity expert. However, companies must start with the basics, such as a ransomware training program.
Conducting a gap assessment is an excellent way for companies to understand where to begin. In addition, cybersecurity renewals are essential and require a third party to validate a company’s approach.
Many of the requirements for cybersecurity are best practices for business.
The world continues to become an even more dangerous place. Those who want to do harm will continue to evolve their methods, putting the onus on every business to similarly develop its approach to prepare for the unseen dangers.
No one has a crystal ball to determine when or where an attack might happen.
But, luckily, every business has the power to control the most critical element of a cyber-attack: preparing their defense.
Acting is no longer a “nice-to-have.” Instead, preparing defenses is a business imperative, and it needs to happen now. As things get worse in the world, you will want your business protected.