Ransomware attacks are among the latest costly means by which hundreds of organizations and tens of thousands of computers throughout the world have been infected.
In May 2021, the group REvil attacked JBS, a meat producer that processes about one-fifth of the U.S. meat supply. JBS reportedly paid an $11 million ransom to the cyber criminals.
That attack came on the heels of the hack in the spring of 2021 on Colonial Pipeline, which carries 100 million gallons of fuel daily through 5,500 miles of pipeline. Critical infrastructure was knocked out of operation for more than a week before Colonial Pipeline announced it was again fully operational. The U.S. Department of Justice chased the money trail, reporting in June that it had seized bitcoins valued at over $2.3 million, a substantial portion of the ransom that the company had paid to a group known as DarkSide.
Further illustrating the magnitude of the cybersecurity risks to businesses, a Johnson & Johnson (J&J) official recently reported that the corporation sees “15.5 billion incidents a day.”
While hacks of large corporations make national headlines, small and mid-sized businesses that handle credit cards and other customer data as well as their own finances are equally vulnerable to cybercrime.
Business cyber risks increased during the pandemic
The World Economic Forum (WEF) has cited cybersecurity as a leading risk to business and government, reporting that the COVID-19 pandemic magnified the risk, “systemically altering the global security landscape.”
HP Wolf Security commissioned a survey of office workers in eight countries in March 2021; 82% reported that since the pandemic, they work from home more often — creating opportunities for hackers to breach business networks and gain access to sensitive data. Other survey findings:
- The pandemic blurred the line between personal and professional life for 76% of work-from-home office personnel.
- Half of remote workers said they consider work devices as personal devices.
- Nearly half said they use their work laptops for “life administration.”
- Nearly a quarter said they’ll continue working from home post-pandemic, while another 16% will divide their work hours between home and office.
Companies have scrambled to establish security protocols and provide employees with access to secure networks while working remotely. But the situation is complicated when employees access the corporate network from both home and public spaces, using personal, public and employer-supplied laptops, computers and printers.
Mitigating cybersecurity risks
Because a cyber breach is likely, companies need well-planned processes for mitigating an attack and managing operations, and they need them in place before they become targets. As part of your planning, it is good practice to identify a cross-disciplinary team to engage when a crisis arises. With a team and plans in place, you can respond more quickly to cyber threats or actual events. For resources, visit the FBI website.
Writing for WEF, Dmitry Samartsev, chief executive officer of BI.ZONE, a digital risk management company, observed that a company’s employees are “the first line of defense against an attack.” He offered advice for cyber hygiene:
- Provide anti-phishing training. Teach personnel to recognize phishing emails and other tactics used to phish for a way into your company’s systems and network, and to immediately report, but not respond to, suspected phishers. Sometimes social engineers place friendly calls to probe for information.
- Stage simulated attacks. This may require engaging professional trainers.
- Give password help. Teach how to create strong passwords. Provide software to lock up employee passwords.
- Educate employees about how to handle customer information, billing and other sensitive data.
- Instill good habits. Never leave a passworded computer screen unattended. Never share passwords. Never reply to a suspected phisher. Never open unverified links.
- Give contact information for reporting a breach or possible phishing attempt.
- Make an ongoing investment in cutting-edge cyber defenses and training.
Anticipate breaches and prepare for fallout with insurance
The ways that nefarious individuals break into business information systems are pervasive, and the costs are high. Neither commercial general liability nor property insurance typically provides cyber coverage.
A standalone cybersecurity policy can potentially save your business, large or small, from decimation in the event of a successful cyberattack. As explained by the U.S. Cybersecurity & Infrastructure Security Agency (CISA), available coverages include the “costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activities due to data breaches, and legal claims for defamation, fraud and privacy violations.” But most cybersecurity policies “do not cover physical damage and bodily harm caused by a cyberattack against critical infrastructure,” so another policy would need to be in place if that is a concern.
Ask for professional help
Insurance decisions can seem overwhelming, but your WizdomOne independent agents can help you assess your needs by thinking through the potential costs and consequences of a cyber breach, including those risks unique to your business. Your agent can then help you identify the appropriate cybersecurity insurance for your business from a selection of policies offered by a range of insurance carriers.
Call WizdomOne today — before your business experiences a data breach or operations interruption or sustains network damage because of a cyberattack. With the right protocols and insurance in place, you can enjoy conducting business with the security of knowing you are both protected and prepared.