The cybersecurity threat continues to worsen. In the first half of 2018, the number of cyber breaches soared over 140% from a year earlier, leading to 3.3 billion compromised data records worldwide, reports Gemalto, an international data security company. Malicious outsiders sparked more than half of the 944 breaches and accounted for roughly 80% of stolen, compromised or lost records. Identity theft continues to lead data breach types, but financial access incidents are escalating in severity as well. The issue of cyber security and small and medium-sized companies is becoming vital.
The United States continues to be the favourite target, and data breaches at major US enterprises continue to grab the headlines. In 2018, the most notable breaches have occurred at Adidas, FedEx, Jason’s Deli, Macy’s, Under Armour, Nordstrom’s and most infamously, Facebook.
Small and medium-sized companies are increasingly targeted
As for cyber security and small and medium-sized companies, many are realising that they are viewed as attractive a target as the larger companies. Cisco’s 2018 SMB Cybersecurity Report found that 53% of mid-market companies in 26 countries experienced a breach. For these companies, the top security concerns are targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks and the proliferation of employees allowed to use their own mobile devices.
Malware of all types is a huge problem. It is becoming more difficult to combat as cyber-attackers get more adept at developing software that can evade traditional detection and employ more sophisticated malware.
For small and medium businesses, one breach often puts a victim out of business. That’s because 54% of all cyber-attacks cause financial damages exceeding $500,000, the 2018 Cisco SMB cybersecurity report shows. That price tag along with a damaged reputation are hard to survive. If they do survive, they still face significant system downtime that averaged eight hours or more in the last year. Further, such companies often lack the IT talent, budget and technologies to prevent, uncover and respond to an attack.
How businesses can find the right cyber insurance cover
How to better defend against cyber-theft
Unsurprisingly, there is no easy solution – and none is likely within the near future – to prevent data breaches. But all businesses, especially small and medium sized companies can become better prepared and more adept at protecting against cyber-crime.
Here are five actions concerning cyber security and small and medium-sized companies that can be taken to become more security-conscious:
1. Conduct a security audit. Learn how secure your network and other security systems are, where vulnerabilities exist and how to resolve them. If you consider cybersecurity insurance — currently the fastest-growing insurance — or have coverage from a business insurer, the insurer can usually refer you to resources to assist in the audit.
2. Ensure you have a proper backup system. And make sure it is easy to access in case you need to restore one piece of the system rather than the entire system. Enterprise-level cloud systems can help.
3. Examine all the entry points into your system and consider where they are vulnerable. These include all your workstations, communications and mobile devices as well as employee access cards, the internet and cameras.
4. Assess your system threats. These include client lists, passwords, data logs, backups and emails, and anyone who specifically has access to the system, including customers and vendors.
5. Put a prevention system in place to defend against intruders. Put yourself in the place of the cyberattacker and consider the possible ways the attacker could access your system and steal your data. If your internal IT staff isn’t experienced enough to handle, entrust a third-party firm, because the prevention system must cover physical and digital security.
It will pay to increase spending on cyber-security protection, developing qualified cyber security personnel and, perhaps, hiring a chief information security officer. Global spending on cyber security products and services is seen exceeding $1 trillion cumulative from 2017-2021, compared to a global cyber security market of just $3.5 billion in 2004. Businesses seem to be getting the message, but not fast enough, as far cyber security and small to medium-sized companies, the message needs to be absorbed much faster.
How diversity can help fight cyber-attacks
Cyber Insurance attracts more small and medium business
Cyber Insurance is another purchase small and medium businesses are considering. The overall market grew substantially in 2017 with direct premiums written surging 32% to $1.8 billion and policies in force rising 24% to 2.6 million, reports A.M. Best, the insurance rating and information firm. The reinsurance giant Munich Re foresees the cyber insurance market doubling by 2020, and it notes that cyberattacks could threaten the existence of SMBs.
In general, small and medium businesses are finding increased accessibility for cyber security, more customized policies and increased oversight by state and federal regulators. In addition, large enterprises are expected to increasingly mandate cyber insurance for small businesses. Indeed, a report by Statistica, an online market research and business intelligence portal, found that nearly 30% of small and medium businesses purchased cyber insurance in April 2017 for contract compliance reasons.
AI for cyber, you don’t need to know what the threat is, just the network, says Darktrace
With the continued spike in cyber breaches, it’s clear that all businesses, must improve their security. Simply investigating all security alerts received will help since over half now go uninvestigated. More small and medium businesses say they realize how critical it is to have a secure, protected network and system. Unfortunately, some only recognize it after they’ve suffered an attack costly to their reputation and their business.
Michael Fitzgibbon is Vice President of Insurance Services and Chief Underwriting Officer at Slice Insurance Technologies Inc., a New York City-based InsurTech company that provides on-demand insurance and technology.