Hackers, like the viruses they create, adapt at alarming rates. The newest adaptation involves a focus shift to medium sized businesses for cyber attacks. Big companies have the budget to install top line security measures and full IT staffs to oversee them. Medium sized businesses have a hard time keeping up, and that weakness is being exploited. We all know that Target was the victim of a very costly, and very public, cyber attack. But most people don’t know that the attackers gained access to the Target system via a backdoor left open by poor IT security at a medium sized vendor of the Big Box giant. Our friends at CUtimes tell us more:
A Ponemon Institute report stated that 44% of businesses had a data breach in the past year, and McAfee puts the percentage at 60. The average time from the actual data breach to its detection was 210 days.
In a separate Ponemon survey conducted for the Connecticut-based Hartford Steam Boiler Inspection and Insurance Co., 55% of smaller business owners and professionals reported at least one breach and almost a third at least one cyberattack. HSB also polled risk managers for mostly large companies in 2015 and found 69% had experienced at least one hacking incident in the previous 12 months.
Costs associated with a breach can be significant. Although per-record cost estimates range, the ID Theft Resource Center said the mid-range cost per record was $217 in 2014. And that doesn’t account for the damage a data breach can do to a company’s reputation.
Cybercriminals may focus on medium size companies as a potential backdoor to access the networks of larger clients. As a supplier, contractor or vendor, the smaller business is a trusted source for the larger company and often has access to its computer system.
Cyber extortion is also a growing threat in which thieves install “ransomware” that encrypts data and then demand payment to unlock the victim’s computer system.
It’s challenging for a midsize business to choose the right insurance program because there are no accepted standards for cyber coverage. Most insurance companies will offer certain coverages but not others. It is difficult to find a broad, inclusive policy, and many business owners and risk managers are not sure which cyber coverages they really need.
Here are some of the cyber coverages that midsize businesses should consider:
– Data breach response coverage for the expense of notifying individuals, credit monitoring and other services.
– Data breach liability for litigation and settlement costs of lawsuits resulting from a breach.
– Identity theft insurance to pay for expenses and expert help for business owners to restore credit standing and identity records.
– Computer attack for data restoration or re-creation, system restoration, loss of business income and other services.
– Cyber extortion to cover the amount of money demanded to unlock a commandeered system, including the cost of an investigator.
– Network security liability to defend against claims that “negligent failure of computer security” caused third-party damage.
– Electronic media liability for claims that information displayed on a website infringes or violates the rights of individuals or defames them.
As insurers offer more cyber coverage designed for medium size companies, agents, brokers and business owners must choose carefully. Packaged policies may serve a small business well, but likely will lack the broader protection that a midsize business needs. Cyber insurance for large corporations often includes coverage and limits that a midsize business doesn’t need and premiums it can’t afford.
If you are a mid sized business owner interested in taking the right steps towards keeping your network secure, contact our security experts at Great Lakes Computer today to get started.