Cyber crime is one of the fastest growing dangers in the business world. Today’s cyber attackers are well-organised, international groups whose main goal is to breach the records of businesses. Once obtained, the attacker uses the records to exploit the company by extorting money from them, or makes money from selling the data itself. They look for vulnerabilities in software, hardware, and in staff to make their way into your system, and in many instances, a company won’t even know it’s been hacked for a week or longer, even up to a year later.
According to a recent study of 301 cities in the world, Sydney ranks 12th for cyber attack exposure with $4.86 billion of economic growth at risk.
Although big companies are a main target, attacks are not confined to them. Smaller businesses tend to have less sophisticated security than large companies that have teams of cyber security professionals. With a single attack of 1,000 records lost costing an estimated $52,000-$87,000, it’s more important than ever to have a plan for protecting your company from a cyber attack that includes Cyber Insurance for Small Business to protect your company from a potentially devastating attack.
Small Businesses Most Vulnerable to Cyber Attacks
Small businesses have limited resources to spend on protecting themselves against cyber attacks, which can make them easier targets for hackers. According to IBM, small and mid-sized businesses are hit by 62% of all cyber-attacks, about 4,000 per day.
The vast majority of these attacks target money. Once the cybercriminals have breached your system, they obtain it by robbing bank accounts via wire transfers, stealing customers’ personal identity information, filing for fraudulent tax refunds, committing health insurance or Medicare fraud, or holding your data for ransom. Despite this danger, only 14% of Australian small businesses currently hold a Cyber Insurance policy to protect themselves against these malicious attacks!
A cyber attack can take on many forms. Phishing is one of the most common ways that cybercriminals try to breach small businesses. They target employees with emails made to look like official business in order to coax them into opening them. When the email is opened or a link is clicked, malware (software that infiltrates your computer to cause harm) is downloaded, giving the criminals access to your computer. Even with clear rules to never open unknown emails, 30% of phishing emails are opened, and 12% of people go on to click on the attachment.
Data ransom is another way that cybercriminals attack their targets. Data ransom is when criminals hold your computer files hostage until you pay them a ransom. By using a type of malware called ransomware, they encrypt the data on your computer so you can’t read it or access it, and they may even lock you out of your system altogether. Once you give in and pay the ransom, they will give you a decryption key to unlock your files. If you don’t pay, your files will be destroyed. Whether you choose to pay or not, your files are usually damaged or lost. Australians have become a major target of ransomware. Cryptolocker is a well-known data ransomware, and recently an estimated 50-60% of globally generated attacks using ransomware were detected in Australia, second only to the U.S.
Your system doesn’t need to be hacked to be attacked. In 2016, Dyn, a U.S.-based internet infrastructure company, had their servers attacked by tens of millions of botnets. Botnets are groups of internet devices connected together to perform a task, in this case to blast Dyn’s servers with requests, overloading them and bringing them down. These devices were computers, phones, cameras, and DVRs belonging to unsuspecting users around the world. The attack brought down the websites of Dyn’s customers, such as The New York Times, Twitter, Pinterest, Reddit, GitHub, Etsy, Tumblr, Spotify, PayPal, Verizon, and Comcast, causing business to grind to a halt. The Distributed Denial of Service attack, or DDoS, caused Dyn to lose a large part of its customer base, not to mention the revenue losses of the individual clients.
Cyber Attacks on the Increase
Cybercriminals are becoming more industrious and sophisticated, and are constantly adapting their techniques to keep up with advancing technologies. While the business community develops better and better tools against a malicious attack, cyber attackers are constantly developing new ways to get around them. In recent years, the data breach industry has surpassed the drug industry in its lucrativeness.
The financial industry was the main target of cyber attacks, and in 2015 there was a 183% increase in intellectual property theft in that industry. During that same time, the retail sector experienced a 154% increase in detected cyber attacks between 2014 and 2015 and, along with it, a 159% rise in financial losses. All of this, according to PwC’s study, Global State of Information Security Survey 2016, contributed to the overall number of security incidents across all industries rising by 38% in 2015. This was the biggest increase in the last 12 years. These attacks occurred in both big business and small.
Cyber criminals are cunning. Here are some examples in which they’ve been successful in carrying out an attack:
- After infiltrating a manufacturing company’s internal system, cyber hackers were able to create a convincing email that they sent to the bookkeeper requesting a huge payment be sent to a company overseas. The employee didn’t notice that the email address was one letter off, and sent the money.
- A furniture company had their internal payment systems hacked and more than 20,000 customers’ credit card information stolen. Not only did they have to pay for an expensive forensic investigation, they had to pay damages as well as credit monitoring for all of the victims.
- A small accounting firm had their system infected with malware when a temp worker clicked on a link. The resulting investigation and repairs to the network cost the company $45,000.
Even with comprehensive training on security procedures and an entire team of network security experts, it’s still possible for your system to be vulnerable to the cyber attackers and cost your company dearly.
Cyber Risk Management for Small Business
Fortunately, there are ways to protect your company’s data from a cyber breach, one of the most important being Cyber Insurance. Cyber Insurance is an insurance product that provides protection for businesses from risks relating to their networks and their data and is designed to cover against losses from data destruction, extortion, theft, and hacking. But unfortunately, many companies don’t get cyber insurance until after they’ve experienced a cyber attack.
With the help of a knowledgeable insurance agent, you should first make an assessment of what you are protecting.
- What kind of information is it?
- How is it stored?
- Who has access?
- How do you currently protect your data, computers, network, and email?
Next, determine what will happen if there is a breach.
- Will credit card information be lost, requiring credit monitoring, restitution, and an investigation?
- Will other personal customer information be lost that may require the same?
- Does your data contain sensitive information on business customers that puts their company at risk?
- What is the potential for lawsuits?
- What happens if your servers are attacked in a DDoS attack?
Mitigation of a cyber attack is comprised of three things.
- Prevention: Proper training for all employees, up-to-date firewalls and security software, expert cyber security staff, if possible, and strict security procedures need to be put in place.
- Resolution: There need to be comprehensive plans in place in the event of a computer security breach that determine the resources and steps that will be used.
- v: There are repercussions of a data breach, and there needs to be a plan to address them. Cyber Insurance would save money and time in dealing with a breach.
Cyber Insurance provides protection against many problems that may occur as the result of an attack:
- Data Breach: If breached, a Cyber Insurance policy will cover costs associated with managing the incident, which includes any investigation, notifying the data subject, legal costs, and regulatory fines.
- Extortion: Cyber Insurance will typically cover the losses associated with data ransom such as professional fees.
- Privacy Protection: Cyber Insurance typically offers financial protection against lawsuits for failing to keep data secure.
- Business Interruption: If there is a shut down due to the attack, a Cyber Insurance policy may cover lost or reduced revenue.
- Hacker Damage: There may be costs associated with repairing, replacing, or restoring systems that have been attacked, and Cyber Insurance can help with these costs.
Cyber attacks can come from anywhere, be it from an organised group or a former employee. Attacks have netted criminals billions of dollars, caused serious damage to computer infrastructures, and have even begun influencing elections around the world. According to a recent report by the Australian Federal Government, 60% of Australian businesses that suffered a cyber attack went out of business within 6 months. These are companies without the foresight to purchase Cyber Insurance. Had they purchased coverage, they would’ve been protected against lawsuits, costly repairs, reimbursement, and even loss of physical equipment.
As a small business owner, you may not have the resources to have an expert team of cyber security professionals in place to mitigate an attack. Cyber criminals count on that. Install a firewall and security software, school your employees on how these breaches happen, and call us. At PSC Direct, our professional insurance agents will work with you to provide a comprehensive Business Insurance policy that includes Cyber Insurance coverage that will give your company the help and resources it needs to continue on after a cyber attack. We’ll determine the amount of coverage you need to completely protect your company.
Call us today to discuss your Cyber Insurance coverage options.