Cyber criminals are getting smarter: Is your business prepared?
Virtually every business, big or small, is sitting on a goldmine for cyber criminals. Sensitive customer information such as names, addresses, email addresses, and billing information offer lucrative opportunities in the world of cyber crime and are often worth the risk for hackers.
As the cyber battleground evolves, the Hiscox Cyber Readiness Report surveys professionals worldwide annually to map the shifting trends in cyber security. For this year’s report, Hiscox surveyed over 5,000 professionals in the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland who are responsible for their company’s cyber security. Included in the respondents were over 1,000 professionals in the US. The survey took place between December 24, 2019 and February 3, 2020. Small, medium, and large businesses were all represented.
Survey respondents answered questions about the number and size of attacks they experienced, how they prevented and dealt with incidents, and what they did after a breach. Their experiences can help your company be ready when hackers find you.
Here’s what you need to know about being prepared for a cyber incident.
The scope of the cyber problem for businesses
This year’s report found that the median cost of a cyber event rose dramatically to $50,000 compared to $10,000 last year. The number of events declined, however, with 41% of firms reporting an event compared to 53% the prior year. This indicates that hackers are becoming more targeted and opportunistic.
The research that led to the report was conducted prior to the coronavirus pandemic, so its impact is not reflected in this year’s results. But hackers appear to have been quick to exploit the increase in the number of people working from home to their advantage, capitalizing on what may be relaxed security measures by at-home employees.
The consequences of a cyber incident or breach are beginning to extend much further than just the cost of data recovery and notification. Fifteen percent of respondents reported that their company’s reputation suffered as a result of a cyber event, up from 3% last year.
How companies react to a cyber attack
The good news is that companies are realizing the toll that cyber-attacks can take on their business and are fighting back more than ever before. In this year’s report, 61% of survey respondents said they increased spending on cyber security. And companies that experienced an event took action: Just 3% said they didn’t change anything after an event, compared to 39% in the prior year.
Sixty-four percent of US businesses said they have cyber insurance coverage, with another 16% stating they plan to purchase coverage in the next 12 months. Some policies include resources to help train employees to prevent cyber events, such as Hiscox Cyber Clear Academy, included with Hiscox Cyber insurance coverage. Well-trained employees can be critical to preventing an attack from happening in the first place, which is the best case scenario.
Employ a three-step approach
To increase your company’s readiness to withstand a cyber event, follow these three steps.
- Prevent an attack from happening in the first place by creating a human firewall. Educating your employees on how to secure sensitive data, spot a phishing email, and respond to a ransomware demand will go a long way toward keeping your company safe. Make sure your partners and vendors have appropriate controls in place as well.
- Detect an attack early to mitigate the damage. Here, too, alerting employees is your best defense. When something doesn’t look right, it probably isn’t, and your employees need to speak up if they see something ‘off.’
- Mitigate the impact on your bottom line. Cyber insurance can cover the costs associated with recovering data and notifying impacted parties. Hiscox Cyber Security Insurance includes Hiscox Cyber Clear Academy, an online suite of cyber security training modules to help you and your employees protect against a cyber attack.
Protecting your business against a cyber event is an integral part of your company’s risk management strategy. To learn more, read the full report.