The Hiscox Report on Cyber readiness surveyed executives and IT specialists at the end of 2016. It is the most comprehensive report on Cyber readiness I’ve seen thus far. It delves into types of businesses most affected, the businesses most prepared for an attack, and which businesses seem to be taking the risk less seriously.
Many questions are asked, including:
· How often do these attacks actually happen?
· What is the average financial loss?
· How long does it take to get back to business as usual?
72% of larger businesses reported a cyber incident last year, while 47% of those experienced 2 or more in the same year. For firms with 99 or fewer employees, the average estimated cost of an organization’s largest cyber incidents in the last 12 months was just over $35,000. For the largest firms, that figure is just over $100,000. The study shows that larger firms may suffer the bigger financial losses, but smaller companies suffer the most damage due to complacency. Although the information and resources are available to them, 29% of small businesses surveyed make no changes following an attack.
The study finds that the 2 industries most targeted are:
1. Transportation & Distribution (65%)
2. Technology, media, & telecommunications (59%)
Of course this should not put other business types at such ease that they don’t take the necessary precautions. Attacks happen everyday. Will your business suffer a loss before you put a policy in place? More than a third (37%) of businesses surveyed took two or more days to realize they had been breached. This is an eternity for a hacker to gather crucial information from your business, clientele, and associates. Once the damage is done, the cost to get back to business as usual isn’t only measured in dollar signs, but in time.
After an attack, some businesses can take another two days to recover back to business as usual. And that doesn’t include the time for ongoing investigation and notification of those affected. Being unprepared for an attack can make the loss even more costly due to:
· Business disruption
· Fines & compensation
· Compromised identity of clientele
· Asset recovery
· Brand damage (negative publicity, bad reputation)
Leaving businesses open to attack can leave your business open to a lost reputation and forever-damaged client relationships.
The most common ways that attacks occur are:
1. External attack targeting the organization
2. External attack targeting business partners or suppliers
3. Internal incident or threat
4. Lost or stolen devices
Businesses most likely to be informed about the cyber risks are multi-national companies, technology companies, and those that specialize in financial services. Companies with less than 100 employees are least likely to be proactive. And even companies with IT departments tend to ignore the warnings of their IT personnel.
Companies with less successful breaches of their cyber security are consistent on a couple points:
1. Involving higher management
2. Training employees
Involve broad and executive management in setting a cyber security strategy. The study shows that 45% of the time, businesses entrust their cyber security to their IT department, and aren’t kept in the loop regarding security upgrades, needs, or potential threats. On the importance of employee training, the Hiscox report states “The human element in cyber breaches is enormous, and a modest investment in employee training can have a big impact on cyber readiness.” Employee training and system tracking and documentation are as important as taking out a Cyber insurance policy.
Cyber Liability insurance is one of the fastest growing areas of insurance worldwide. Businesses are taking out policies more often due to contractual requirements, the clear cost of damage, and increasing high profile data breaches worldwide. Many businesses believe, yet may not have verified, that they are somehow already covered by their current General Liability insurance policy. Those who haven’t been assured of coverage should contact their insurance agent ASAP. Network One Insurance is very well versed in this coverage and we would be happy to speak to your business about your Cyber Liability insurance needs. Although some insurers do offer a small amount of coverage included in their policy, many only have it as an optional coverage, and others would require businesses to acquire a standalone Cyber Liability policy.
*Three countries were included in this survey, but only figures pertaining to the U.S. were used in this article. The survey was conducted between November 16, 2016- December 5, 2016. You can see Hiscox’s Cyber Readiness Report in full here.
Zeke Corley has been a licensed insurance broker since 2003. You can email him at firstname.lastname@example.org or call him at the San Diego office at (858) 569-8100. Visit our agency at http://www.yourinsuranceplace.com/