Is your business prepared for a cyber attack?

April 23, 2019

Data breach. Hack. Ransomware. Phishing. These are the terms that strike fear into the heart of any IT manager. And, if you’re a business owner, you fear them too. But you can prepare yourself to prevent a cyber attack, and to better withstand one if it does happen. Here’s what you need to know.

What is a cyber attack?

A cyber attack is any incident in which an unauthorized party gains access to your computer network or information. There are multiple ways to do this, and various outcomes, but they all have this in common: it’s expensive, disruptive and unsettling when your business is the victim.

According to the 2019 Hiscox Cyber Readiness Report, the most common concern for companies with respect to a cyber attack is that their company email addresses will be compromised, which can lead to phishing and spearphishing attacks. These types of attacks allow hackers to gain access to your network by sending a malware-infected email that looks like it came from another employee, or to steal funds directly by posing as a vendor and sending an email requesting payment.

The second most concerning type of attack is ransomware. Hackers infiltrate a company’s computer network. They may lock down the system, preventing the company from doing business. Or they may threaten to expose sensitive information such as customer data or information on products that have not yet been released. The hacker demands a ransom from the company in exchange for releasing their hold on the system.

How likely is an attack?

Among U.S. businesses, 53% experienced a cyber attack in the last year, up significantly from the 38% who reported an attack the previous year. Over a quarter (27%) of companies experienced four or more attacks in the past 12 months.

The average cost of a single cyber attack in the U.S. is $73,000. The cost for all attacks suffered by the average U.S. business in the past 12 months is $119,000.

Why would hackers bother attacking a small company?

Hackers are opportunistic, and will often cast a wide net just to see what they catch. In many cases, small businesses have fewer controls in place, making them easier to hack. And many businesses are at risk due to the security shortcomings of vendors or suppliers with whom they do business. Fifty-seven percent of U.S. companies said they experienced a cyber attack due to an incident in their supply chain.

What can businesses do to protect themselves?

There are a number of things that companies can do to try to stay one step ahead of cyber criminals, but the most important is to use your employees as a ‘human firewall.’ Alert and well-educated employees are your best defense against hackers.

Prevent attacks before they happen. Have one person in the company who is dedicated to cyber security. Make sure that security is a priority and that this is communicated from the highest level of the organization. Train all employees in best practices like how to identify a phishing attempt and how to create strong passwords.

Detect an attack early to minimize damage. Many types of cyber attacks rely on human interactions to spread a virus throughout the organization, so the sooner you see it, the sooner you can stop it, and the less damage you will have. Make sure everyone in the company knows to report anything they see that might be suspicious. Even if it turns out to be nothing, it’s better to say something than not.

Mitigate the impact on your bottom line. Given the frequency of attacks on businesses of every size, in every industry, experiencing a cyber incident is not a matter of ‘if,’ but ‘when.’ Be prepared by backing up your data regularly and storing it offsite so you can restore it quickly. And invest in cyber insurance for your business. Hiscox cyber insurance can not only protect you from the financial costs associated with a cyber incident, but also includes resources to help you educate your employees and manage the logistics of reporting a breach and repairing your reputation so you can get back to doing business.