Info-security experts all agree on one thing—it’s been a fantastic year—for cyber attackers. Some of the notorious breaches that hit the headlines recently include LifeLabs, Desjardins and Equifax.
Despite the media grabbing headlines, it is estimated that 75% of businesses still do not have an adequate, organization-wide security response to cyberattacks. At the same time, reported breaches in Canada went up 600% over the previous year.
It is easy to think that it’s only the big enterprises that get hit by cyber criminals. However, there are thousands of attacks that don’t make the headlines like an attack on a multinational. We might think that hackers go after the big score, not the little fish. But it just isn’t so. Hackers rub their hands at small and medium sized businesses (SMB) and view them as easy targets; ‘low hanging fruit.’ It’s dangerous to be complacent. Your business may already be on some hacker’s spreadsheet right now, as a possible target.
SMB Cyber Security Attacks: 43% of all Cyber attacks are against small and medium sized businesses.
Protecting Your Business from Cyber-Attacks
There are three fundamental elements to protecting your business from an attack.
- Install and keep updated antivirus and firewalls
- Train all your staff regularly on how to prevent and mitigate potential attacks
- Obtain adequate insurance coverage against cyber attacks
No. 1 is critical. However, simply having antivirus and firewall software installed is not enough. The latest hacking techniques don’t need to get past your software. In some cases, they actually use your antivirus software against you to spread malware.
No. 2 becomes critical. Employee training. For example, recently, Twitter’s fortress-like security was breached with a simple social engineering attack against individual members of staff who had access to sensitive systems. The weakest link in any cyber security system is human error. We click links we shouldn’t, download things we ought not, set passwords that are easy to guess, and give up personal information on the internet and social media all the time.
So, there are two things we can be certain of:
- No-one can say for sure that they will never be attacked
- No organization is able to repel every possible kind of attack
No. 3 is not optional. Insurance coverage is the bedrock tactic for protecting your business against cyber attacks.
Why is cyber insurance the centre piece of your strategy?
First of all, when you discover that your business has been breached, Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), mandate that all such breaches and/or privacy violations must be reported. Other businesses and individuals that are affected must also be notified. If you do not report the breach, you may be fined to the tune of $100,000, as well as incur severe financial damage and/or legal action.
Second, uninsured cyber losses are costly. The average cost to detect and contain a breach (investigations, assessments, audits, and crisis management) was a staggering $1.78 million. Even one stolen laptop that contains your customer data can typically cost you $50,000 to respond effectively.
These are not one-off expenses either. Once a breach occurs, the costs do not end immediately. Many companies report that you can feel the “long-tail” costs for years after the incident. In a study of 86 companies, about one-third of costs occurred more than one year after a data breach was discovered.
Complacency is a Killer
- 60% of businesses close 6 months after a successful cyber attack
- 36% of polled Canadian firms have no cyber security insurance
What contributes to these high costs? First off, if data is lost and needs recovering or replacing, depending on the number of records lost, that can be a considerable outlay. Then you need to add the cost of notifying the victims. Then you need to add the IT and admin costs to contain the breach and get back to business. If you have a comprehensive, regularly tested playbook to do this and staff receive ongoing training, then that may not take so long which can reduce costs. However, if that is not you, expect the pain to drag on for months and even years.
Finally, you can expect post-breach costs, such as lawyers, public relations, or forensic experts who have to be hired. Cyber breaches are also a heavy blow on your company’s reputation. In many cases, it includes a loss of business, either from merely not being operational, to customers refusing to do business with you anymore due to a lack of trust.
At Park Insurance, we would be happy to talk with you further about getting the right cybersecurity insurance policy for your business. A broad range of policies are available to meet your unique needs. Coverage options include help for reimbursement of expenses incurred due to:
- Privacy Breaches (consultation, notification and management services after personal information is compromised)
- Computer Attacks (replacing and restoring data and systems following a hacking, virus or malware attack)
- Data Compromise Liability (defence and settlement expenses if you are sued as a result of a personal information breach)
- Identity Theft
- Cyber Extortion
- Media Liability
- And more
With the right coverage you get protection, peace of mind and a future for your business. Call us today at: 1-800-663-3739