High profile data breaches of large companies and government agencies have become a more prevalent feature of the news cycle over the past decade. While that news coverage often serves as an important opportunity to reflect on the ways in which we, as consumers, expose our personal information to the risk of theft, it often fails to adequately address the true scale of the cyber threat landscape facing businesses of all sizes. Data breaches involving millions of stolen records and sophisticated attacker tools will always grab the headlines, but those represent only a small fraction of the number of all cybersecurity incidents in any given year.
With the FCC reporting that theft of digital information has surpassed physical theft as the most commonly reported type of fraud, it’s clear that business strategy must include cybersecurity planning and budgeting. However, many small businesses incorrectly assume that they have nothing that attackers would be interested in and assume that cybersecurity is the exclusive purview of large multinational corporations and government agencies. Those misperceptions could be devastating to your small business.
A 2019 review by consulting firm Accenture found that 43% of all cyberattacks involve small business victims, and a report from insurance carrier Hiscox found that the average cost of a data breach is $200,000. In addition to the costs, the erosion of customer trust is often too much for an organization to recover from as 60% of all cyber-attack victims went out of business within 6 months of the event. At a time of unprecedented economic uncertainty (where approximately 15% of small businesses and non-profit reportedly will not survive Covid-19 shutdowns) and increased reliance on technology to allow employees to maintain productivity while working from home, the imperative for cybersecurity planning and training is all the more plain.
Stepping up your organization’s cybersecurity practices may seem like an intimidating process, as well as a costly one; however, starting with a few simple steps can help to significantly reduce your organization’s cyber risk footprint. Although no combination of technology and procedures can guarantee protection against a security incident, practices such as enforcing strong password requirements, implementing multi-factor authentication, and disabling unnecessary remote access to company systems are known to help protect against a number of the most commonly used cyber attacker techniques. A holistic, enterprise approach to cybersecurity, however, will also require that organizations work to mitigate the risk posed by service providers and other third-parties with access to their network or data and invest into cybersecurity and privacy training for employees. Finally, purchasing the right cyber liability insurance is essential to help limit losses when the worst-case scenario hits your business.
After years of advising organizations in the wake of a data security breach, I founded Kybernan Legal Solutions to take a more proactive approach in helping small and medium sized enterprises bridge the cybersecurity gap to keep up with the evolving threat landscape. Whether you already have a cybersecurity policy in place or are starting from scratch, Kybernan Legal Solutions will be your trusted advisor to work within your organization’s goals and constraints to tailor an efficient and sustainable cybersecurity program to its unique needs. Contact Kybernan Legal Solutions today to learn more.