GENERAL INDUSTRIES | CLIENT RESOURCE
Preparing for the risk of cyberattacks
Steps that can help protect systems, assets and customers
BY CATHERINE RUDOW
Most cyberattacks are designed to steal sensitive or proprietary data and/or alter, disable or destroy critical IT systems.
Any business can become a victim of a cyberattack, but those that are prepared generally end up with less financial or reputational damage.
Organizations need to understand cyberattacks and be willing to take the appropriate steps to reduce their exposures.
The world is more interconnected than ever before. Using computer networks and the internet, organizations have grown exponentially by leveraging data, creating efficiencies and reaching new markets. These new digital technologies have allowed them to unlock their potential in ways that were unimaginable just a few decades ago.
But those same technologies have also created a new set of exposures and threats that organizations must understand and address if they want to prevent or mitigate a cyberattack. In fact, Nationwide's 2019 survey of business owners found that 86% of them believe their digital risk will only continue to grow.
Cybercrime is big business, and its perpetrators — which include organized crime and nation-states — are becoming more sophisticated. With companies' increasing reliance on computer systems and the sheer amount of data being handled by them, cybercriminals have no shortage of targets and methods to attack. Making matters worse, the financial stakes have increased for businesses, and a cyberattack can haunt an organization for years. These incidents now cost businesses of all sizes $200,000 on average, according to CNBC. In 2019 alone, the FBI's Internet Crime Complaint Center included information from 467,361 complaints of suspected internet crime — with reported losses exceeding $3.5 billion.
The threat and potential impact of cyberattacks loom large for all organizations, regardless of their size, industry or revenue. This is especially true for small- and middle-market clients who know they have cyber exposures but may not have the expertise or resources to protect their organization. Gone are the days when cybersecurity and cyber insurance conversations were reserved for the boardrooms of the world's largest companies. It's now critical that every organization understand cyber exposures and take the appropriate steps to protect its assets, customers and bottom line.
Simply put, a cyberattack occurs when a malicious party (e.g., an individual, nation-state or criminal organization) gains access to a computer system or network for financial or destructive purposes. There are several ways a cyberattack can be carried out, but most are designed to steal sensitive or proprietary data and/or alter, disable or destroy critical IT systems. The following are some common examples of cyberattacks as outlined by the U.S. Small Business Administration (SBA):
Malware: This is a common weapon for cybercriminals and can include threats such as viruses, worms, trojans, adware and spyware. In general, malware is installed on a victim's computer when they accidentally click a malicious link, download infected software or visit an infected website.
Ransomware: One of the most common types of malware, this is used to lock victims out of files, applications or networks until they pay a ransom. Ransomware is typically installed via malicious links in emails, and recovering from attacks can easily cost over $50,000. The costs associated with these attacks include forensics, business interruption and expenses to restore systems, even when the ransom is paid.
Phishing: Attacks occur when a cybercriminal (disguised as a reputable source) sends a malicious email, text or similar message to potential victims. These messages are meant to trick recipients into opening malicious links, downloading harmful software or providing personal information. Phishing is more of a threat vector than an actual cyberattack.
Other examples include denial-of-service attacks, which occur when a website is overwhelmed with traffic intended to render it useless, and data breaches that involve the theft of personal, financial or health care information. Data breaches can also include theft of proprietary information.
Any business can become a victim of a cyberattack, but those that are better protected or have procedures in place to manage a cyberattack generally end up with less financial or reputational damage. As such, preparation is key when it comes to preventing or minimizing the harm caused by a cyber event. Organizations need to understand all the ways different cyberattacks can harm their business and be willing to take the appropriate steps to reduce their exposures. Businesses should consider the following strategies recommended by the SBA to prevent or mitigate a cyberattack:
These strategies can help organizations plan for and weather a cyberattack. Companies should also strongly consider securing a comprehensive cyber risk insurance policy tailored to their needs, and it should be reviewed regularly to make sure that it adequately meets changing needs and threats. However, even with an insurance policy, cybersecurity is an ongoing challenge, and organizations will need to continually invest in the right resources, strategies and expertise to remain prepared for an attack and ensure the longevity of their business.