Who Needs Cyber Security Insurance?
By Diane Tait
You see and hear about them on the news every week. Cybersecurity breaches are no longer the stuff of science fiction. When they occur to Fortune 500 companies and millions of consumer records are compromised, they make the headlines. What isn’t publicized is the fact that thousands of smaller businesses are hacked every day, and the numbers are growing. So too are the damages caused by hackers. No matter how prepared the average business is, once hackers set their sights on gaining access it’s only a matter of time before data is compromised, malware is planted, and/or a server is locked down by a DDoS attack or ransomware. What’s worse is the fact that the ransom demanded by hackers has skyrocketed from an average of $10,000 per incident in 2019 to more than $200,000 in 2020. Once your system has been infected, it could be days, weeks, or months before your business is back in business.
Here’s how it typically begins. – You come back to work after taking the weekend off. One of your employees comes to tell you that the company computer is either running at glacial speed or they report they’ve been locked out of the system. You try to log in only to find out that you can no longer access any files. Your next move is to ask your IT department if the system is undergoing some kind of maintenance. That’s when you’re informed that your server has been hacked. Depending on the kind of attack that was implemented, you will quickly learn that you and your employees no longer have control of or access to your data. While it’s possible that customer and employee records have been compromised, what’s even more likely is that it will be some time before you can determine what was stolen since most corporate hacks involve denying access to your own system. Below are the three most likely scenarios:
- Malware – If you watch movies, you undoubtedly think that hacking is done by shadowy figures who sleep all day only to spend all night trying to crack passwords to gain access to computers. That’s not what really happens nowadays. Most business computer systems are breached via malware. Malware is nefarious computer software that can be introduced in several ways. Once present on your system, it can do everything from capturing passwords and data to implanting more malicious subroutines. The average cost to businesses infected with malware in 2020 was $92,000.
- Distributed Denial of Service Attack (DDoS) – When this attack takes place, a hacker will direct thousands of robotized computers to inundate your server with so much malicious traffic that it literally grinds to a halt. Unlike malware, a DDoS attack is predicated on disrupting your business as opposed to penetrating your system.
- Ransomware – The most destructive kind of hack is when ransomware is planted on any computer. Not only does this lock up your server and all related systems, the data contained on it gets encrypted, which renders it useless and makes it difficult to assess the damage done. What’s even worse is that your system is held hostage until the demands of the hacker are met. Even if you pay the ransom, there’s no guarantee that your system will be released intact since the hacker can carry out their threat to erase all the data contained on it if they so please.
What happens when your system is hacked? – Once hackers gain access to your system, a number of things can happen. They can root around in your system to glean customer and employee records, credit card and social security numbers. They can steal proprietary information and keep tabs on your executives. They can rifle through emails sent and received by anyone in your employ. Last but not least, they can disrupt your business and even shut down your in-house computer system. Depending on the extent of the hack, it could put your business out of business temporarily or permanently. Here’s what you’ll face once you’re hacked:
1. Data Loss – Anything stored on your system may be stolen, altered, or deleted by hackers. Business disruptions and loss of customer confidence can be expected after a hack. Credit card numbers, financial data, and social security numbers could be compromised. If a competitor is behind the hack, they could be privy to every bid, customer, and project your company has ever dealt with. Even if the competition has nothing to do with the hack, should they find out and publicize the matter, your business could find itself in a position where customer confidence is severely shaken.
2. What should you do if you wind up being hacked? – If you find that your system is under attack or has been compromised, the best thing you can do to limit the damage is to shut every affected computer down. The longer a system is kept online, the more severe the damage. Even if this disrupts your business temporarily, the last thing you want to do is to let the hackers burrow any deeper into your system. Then call in your IT experts to assess the damage and recommend action.
3. What’s the worst-case scenario? – Depending on the breach, the damage done may not be limited to the information stolen and downtime to your system. Once word gets out that your business has been hacked, it’s possible that affected customers will file suit. If that happens, the judge may impose fines and/or require you to spend money on an expensive audit of your system to determine how your clients’ data was compromised. Even if you win in court, you’ll be forced to pay attorney fees and court costs out of pocket. If you lose, you’ll also be required to pay any judgments against the company.
4. What can you do to protect your business? – Other than restricting access to your computer and installing several levels of system safeguards, one of the best ways to protect your business from hackers is to acquire cybersecurity insurance. This way if your system is breached, you would be covered for the cost of repairing any damage done to your computers, auditing and recovering compromised data, notifying clients of any data breach, paying costs for any claims relating to state regulators, court costs, and attorney fees, plus covering losses resulting from business disruption or lawsuits.