Today’s businesses face many risks, from competition from high-tech startups to lawsuits over employment practices. But the biggest modern risk of all is one that you might be ignoring – the risk of cybercrime.
Businesses are familiar with this risk. After all the high-profile data breaches and ransomware attacks, it’s hard not to be. At the same time, like ostriches with their heads stuck in the sand, many businesses are ignoring the risk instead of taking action.
This is a mistake. According to the Internet Crime Complaint Center (IC3), there were more than 300,000 reported incidents of cyber crime in 2017, resulting in more than $1.4 billion in losses.
Be Ready for Anything
Cybercriminals are always using new and evolving tactics. According to IC3, the following types of cybercrimes were among those reported in 2017:
- Business email compromise/email account compromise results in losses of $676,151,185.
- Corporate data breaches resulted in losses of $60,942,306.
- Personal data breaches resulted in losses of $77,134,865.
- Ransomware attacks resulted in losses of $2,344,365.
- Denial of service attacks resulted in losses of $1,466,195.
Although all of these threats are serious, business email compromise and email account compromise schemes stand out as the costliest by far. According to the FBI, this crime is carried out in four steps.
- In step one, the criminals pick a target, usually a business in the U.S. or Europe, and learn about the individuals who work there.
- In step two, the criminals groom their target, usually someone in a financial department, by sending a series of emails or making phone calls.
- In step three, the target is asked to make a transaction, usually a wire transfer, that seems legitimate.
- In step four, the criminals steer the money to a bank account that they control.
Adopt a Multipronged Approach in the Fight Against Cybercrime
Some companies may think they don’t need to worry about cyber risks because they have cyber insurance, but the reality of the situation is not so simple.
Cybercriminals use many methods, from hacking computers to conning employees, and cyberattacks can cause a wide range of problems, including lost files, business interruption and reputational damage. As technology evolves, new risks will emerge. Policy language varies and may exclude certain risks.
Cyber insurance is important, but companies need to understand what their policy does and does not cover. They should also be taking additional steps to protect themselves.
Prevention is always ideal, and it requires a group effort. Leaving cyber security to the IT Department is not enough. If an employee has access to a company computer or receives business emails, that employee needs to know how to identify and avoid cyber risks.
It’s also important to have a response plan that goes beyond purchasing cyber insurance. When creating a plan, consider different types of attacks and how they could impact the company. Questions to ask include: How you will recover lost or corrupted files? How you will notify affected customers, clients and business partners? How you will deal with reputational damage? What regulatory requirements apply? What does your insurer require?
Need help with understanding your cyber insurance options? Contact Heffernan Insurance.