A cyber breach is a real threat to your business. Our cyber insurance expert takes a look at measures you can take to protect yourself from an attack.
By Dennis Ast
We encounter so much doomsday information about cyber security that it can be hard to know if any of it is real. Some emails and articles seem like schemes designed to make businesses think they need to buy cyber insurance. Make no mistake; while schemes like that are out there, the threat of a cyber attack is very real.
According to Verizon’s 2018 Data Breach Investigations Report, 53,308 cyber security incidents occurred with 2,216 confirmed data breaches
in 65 different countries that year.
Of the confirmed breaches, 76% were financially motivated. Most of those were done by outsiders (relative to the company) but over a quarter of the attacks involved an insider. These insider attacks are hard to guard against and identify.
Another type of attack we see often is phishing campaigns. The Verizon Report noted that 4% of people still click on phishing campaigns despite the many anti-phishing trainings and educational materials available. Of the cyber claims made to CHUBB Insurance in 2018, 28% were the direct result of a phishing campaign.
These attacks may not be immediately detected, either. Sixty eight percent of breaches took months or longer to discover, even though they only took only minutes to occur. Ransomware attacks can be used to cover the fact that someone else has been in your system for a very long time without you knowing about it.
What do cyber attackers want? That varies. Sometimes the attackers want money via a ransomware attack or hacking an email account. Erroneous payments can be issued by unknowing staff just trying to do what they thought their manager asked. In other cases, attackers want what makes you successful – your patents and trade secrets. No need to reverse engineer your product when they can steal your plans and manufacturing processes.
You need a multi-faceted approach to protecting your diverse business assets. This should be a combination of cyber security measures, contingency planning and risk transfer with a cyber insurance policy. Align yourself with experts in the industry so you can build the most effective plan possible.