Cyber Risks and Liabilities : Cyber Security

cyber risk

High-profile cyber risk on companies such as Target and Sears has raised awareness of the growing threat of cybercrime. Recent surveys conducted by the Small Business Authority, Symantec, Kaspersky Lab, and the National Cybersecurity Alliance suggest that many small business owners are still operating under a false sense of cybersecurity. The statistics of these studies are grim. The vast majority of U.S. small businesses lack a formal Internet security policy for employees. Also, it is about a half have even rudimentary cybersecurity measures in place. Furthermore, only about a quarter of small business owners have had an outside party test their systems to ensure they are hacker-proof. Also, nearly 40 percent do not have their data backed up in more than one location.

Cyber Risk for Small Businesses

Don’t Equate Small with Safe

Despite significant cybersecurity exposures, 85 percent of small business owners believe their company is safe from cyber-attacks. This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks. In reality, data thieves are simply looking for the path of least resistance. Symantec’s study found that 43 percent of attacks are against organizations with fewer than 250 employees.

Outside sources like hackers aren’t the only way your company can be attacked. Often, smaller companies have a family-like atmosphere and put too much trust in their employees. This can lead to complacency, which is exactly what a disgruntled or recently fired employee needs to execute an attack on the business.

Attacks Could Destroy Your Business

As large companies continue to get serious about data security, small businesses are becoming increasingly attractive targets. Moreover, the results are devastating for small business owners. According to a 2017 study by the PI, the average annual cost of cyber attacks for small businesses was over $2.2 million. Most small businesses don’t have that kind of money lying around, and as a result, nearly 60 percent of the small businesses victimized by a cyber attack close permanently within six months of the attack. Many of these businesses put off making necessary improvements to their cybersecurity protocols until it was too late because they feared the costs would be prohibitive.

10 Ways to Prevent Cyber Risks and Attacks

Simple economical steps you can take to reduce your risk of falling victim to a costly cyber attack:

  1. Train employees in cybersecurity principles.
  2. Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  3. Use a firewall for your internet connection.
  4. Download and install software updates for your operating systems and applications as they become available.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network components.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
  8. Require individual user accounts for each employee.
  9. Limit employee access to data and information, and limit authority to install the software.
  10. Regularly change passwords.

Cyber Risk and Attacks – A Growing Business Interruption Threat

When you think about what usually causes a business interruption, natural disasters such as fires, earthquakes, and floods probably come to mind first. These events can physically damage your property and equipment, making your workspace unusable for a time. The damages from Hurricane are great examples of how a natural disaster can put a halt to a business’s operations. Many of those affected businesses remain closed to this day.

While natural disasters are still the main reason for an interruption, another cause is quickly moving up the ranks: cyber attacks. As businesses continue to rely on computers and digital storage of essential data, cyber-attacks will continue to be a potential exposure. Indeed, read on to learn how a cyber attack could lead to business interruption and what you can do to mitigate the risk.

How can a cyber attack cause a business interruption?

Hackers, thieves, and other unauthorized individuals have become adept at exploiting weaknesses in a business’s computer system, whether through traditional hacking methods or social engineering. There are several types of attacks that could completely cripple your ability to perform normal business activities, including:

  • Malicious code that renders your website unusable.
  • Distributed denial of service (DDoS) attacks that make your website inaccessible to employees and customers alike.
  • Viruses, worms or other code that deletes critical information on a business’s hard drives and other hardware.

It is quite easy to see how any of these events might leave your company scrambling to do business. Unfortunately, many smaller businesses don’t have the manpower available to detect the problem and work on fixing it, which only increases the length of an interruption.

Third-party interruptions can have a major effect on your business

It can still affect you even if it isn’t your business that experiences a cyber attack. Imagine what would happen if one of your vendors suffered an attack, resulting in a complete shutdown of its warehouse or website. Unfortunately, attacks on third parties are out of your control. Such an event could have a profound effect on how much business you are able to do, and that would trickle down to your customers, who may rely on your products or services.

Ways to prevent a cyber attack from causing a business interruption

A common saying in the cybersecurity world is, “It’s not if you’ll be a victim of a data breach, but when.” While 100% protection is impossible, you can help lower your chance of business interruption due to a cyber-attack by following these tips:

  1. Create a formal, documented risk management plan that addresses the scope, roles, responsibilities, compliance criteria and methodology for performing cyber risk assessments. This plan should include a characterization of all systems used at the organization based on their functions, the data they store and process and their importance to the organization.
  2. Make sure all firewalls and routers are secure and kept up to date.
More Cyber Risk steps:
  1. Implement a cybersecurity policy that educates employees about the dangers of computer intrusions and how to prevent them. NEWS Insurance Services can help you draft a cybersecurity policy specifically tailored to your company.
  2. Download and install software updates for your operating systems and applications as they become available.
  3. Implement a strict password policy and have employees change system passwords every 90 days.
  4. Limit employee access to company data and information, and limit authority to install the software.
  5. Make sure that your cyber liability insurance covers you.
How can cyber liability coverage help?

Most traditional commercial general liability (CGL) policies will not cover business interruption losses due to a cyber event. Luckily, cyber liability coverage can fill that void. Should your business be unable to perform normal business operations, a cyber liability policy can help pay for expenses related to an interruption. The coverage pays for:

  • Lost income due to the event
  • Profits on the event that not occurred
  • Operating expenses, such as utilities, they should pay you even though your business temporarily ceased
  • Rented or leased equipment
Cyber liability coverage also helps protect your business from the following events:
  • Data breaches, including costs for customer notification, some legal costs and credit monitoring for those affected.
  • Damages to third-party systems, if, for example, an infected email from your servers crashes the system of a customer or vendor.
  • Data or code loss due to a natural disaster or malicious activity. Also, it covers your physical destruction of equipment under a different policy.
  • Cyber extortion, including ransomware, which is malicious code installed into a computer on your network that prevents you from accessing it until a ransom is paid

Your Emerging Technology Partner

A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales and/or damages. Even though business interruptions due to cyber-attacks are relatively uncommon, being unprepared for one could prohibit you from doing business as usual. Contact NEWS Insurance Services today. We have the tools necessary to ensure you have the proper coverage to protect your company against losses from cyber attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *