Standard business liability insurance policies do not cover cyber liability; it is a common misconception that they do. According to Betanews.com, cybercriminals can penetrate 93 percent of company networks. Cyberattack attempts reached their highest level in the fourth quarter of 2021, in part due to the recent Log4j vulnerability. Some of the most impacted sectors include Education/Research, Healthcare, Internet Service Providers, Managed Service Providers, Communications, Government and Military.

When it comes to cyberattacks, size doesn’t matter: 43% of all data breaches involve small to medium-sized businesses. Globally, small businesses are struggling to defend themselves against cyberattacks, according to Ponemon Institute’s State of Cybersecurity Report. Some of the most common types of attacks include Phishing/Social Engineering (57%), Compromised/Stolen Devices (33%) and Credential Theft (30%).

The statistics can go on and on, so let’s focus on 9 items for you to consider.

1. Does your company handle sensitive information, including electronic protected health information (ePHI) or personally identifiable information (PII)?

  • Sensitive information examples include stored contact details, health information, financial information, and personal preferences.

2. Do you interact with your customers and store login data from a public website? 

  • This is not exclusive to online retailers. If you have a blog or keep your visitors' email addresses, private information is vulnerable.

3. Do you rely on a vendor to manage your database, provide an online shopping facility, or supply your products?

  • Even with an SLA, you cannot guarantee their security.

4. Do you have a website or online application and rely on your business for income?

  • Disclosure of data breaches can result in adverse valuations.

5. Do your employees use their own devices (BYOD)?

  • Lost and stolen devices often contain valuable information and provide easy access to core information, including intellectual property.

6. Do you have cash flow reserves to cover the cost of a cyber attack?

  • The U.S. Securities and Exchange Commission estimates that half of small businesses that have had a cyber attack go out of business within 6 months.

7. Does your business rely strongly on confidentiality?

  • Personal or professional services, mental health, healthcare, and data sites are just a few examples where confidentiality is essential.

8. Would a loss of customer information result in invasion of privacy, embarrassment or bullying of your customers?

  • Whether your customers are businesses or consumers, trust is an important factor in relationships, which includes securing and protecting customer data.

9. Are you a prime target for ransomware or extortion?

  • Mergers and acquisitions are on the rise. From identifying a potential acquisition to finally acquiring it, a thorough inspection must be completed before the deal is finalized.
  • This includes assessing the financial, operational, and strength capacity of the business during a potential takeover.
  • Considering that recent data breach statistics found that 63% of successful attacks come from internal sources, either control, errors, or fraud, your business could be a prime target.

62 percent of global M&A deals face significant cybersecurity risks from acquiring new companies, with post-acquisition cyber risk cited as the biggest concern. In fact, a recent Gartner report suggests that in 2022, 60% of organizations engaging in M&A activity will consider cybersecurity posture a critical factor in their due diligence process. Additionally, in a Forescout survey report, 53 percent of respondents stated that their company encountered critical cybersecurity issues during the M&A process, which jeopardized the deal negotiation.

If you are evaluating exiting your business, investing, or growth through acquisition, having the proper people, processes and technology in place is key to your success. As an extra precaution, having a cybersecurity insurance policy gives another layer of protection. However, although insurance is a heavily regulated industry, cyber insurance has no real, set standards. Next week, we will discuss what you need to look for in a cyber policy. If you are looking for assistance auditing the cyber risk in your organization, or developing a people-first cyber plan, contact us today to learn more about Surenomics services.