Standard business liability insurance policies do not cover cyber liability. This is often a common misconception. According to Betanews.com, Cybercriminals can penetrate 93 percent of company networks. Cyberattack attempts reached their highest in the fourth quarter of 2021, partly due to the recent Log4j. Some of the most impacted sectors include Education/Research, Healthcare, Internet Service Providers, Managed Service Providers, Communications, Government, and Military. Regarding cyberattacks, size doesn’t matter; 43% of all data breaches involve small to medium-sized businesses. Globally, small businesses are struggling to defend themselves against cyberattacks, according to Ponemon Institute’s State of Cybersecurity Report. Some of the most common types of attacks include: Phishing/Social Engineering: 57%, Compromised/Stolen Devices: 33% and Credential Theft: 30%
The statistics can continue, so let’s focus on nine items for you to consider.
Does your company handle sensitive information, including personal health information (ePHI) or personal identifying information (PII)?
Sensitive information examples include stored contact details, health information, financial information, and personal preferences.
Do you interact with your customers and store login data from a public website?
This is not exclusive to online retailers. Private information is vulnerable if you have a blog or keep your visitor's email addresses.
Do you outsource to a vendor to manage your database, provide an online shopping facility, or as a product supplier?
Even with an SLA, you can not guarantee their security.
Do you have a website or online application and rely on your business for income?
Disclosure of data breaches can result in adverse valuations.
Do your employees use their own devices (BYOD)?
Lost and stolen devices often contain valuable information and provide easy access to core information, including intellectual property.
Do you have cash flow reserves to cover the cost of a cyber attack?
The U.S. Securities and Exchange Commission estimate that half of the small businesses that have had a cyber attack go out of business in 6 months
Does your business rely strongly on confidentiality?
Personal or professional services, mental health, healthcare, and data sites are just a few examples where confidentiality is essential.
Would a loss of customer information result in an invasion of privacy, embarrassment, or bullying of your customers?
Whether your customers are businesses or consumers, trust is an important factor in relationships, which includes securing and protecting customer data.
Are you a prime target for ransomware or extortion?
Mergers and acquisitions are on the rise. A thorough inspection must be completed before the deal is finalized, from identifying a potential acquisition to finally acquiring it.
Assessing the business's financial, operational, and strength capacity essentialduring a potential takeover.
Considering that recent data breach statistics found that 63% of successful attacks come from internal sources, either control, errors, or fraud, your business could be a prime target.
62 percent of global M&A deals face significant cybersecurity risks by acquiring new companies and expressed that cyber risk is their biggest concern post-acquisition. A recent Gartner report suggests that in 2022, 60% of organizations engaging in M&A activity will consider cybersecurity posture as a critical factor in their due diligence process. Additionally, a Forescout survey report shared where 53 percent of respondents stated that their company encountered critical cybersecurity issues during the M&A process, jeopardizing the deal negotiation.
If you are evaluating exiting your business, investing, or growth through acquisition, having the proper people, processes, and technology in place are key to your success. As an extra precaution, having a cybersecurity insurance policy gives another layer of protection. However insurance is a heavily regulated industry, but cyber insurance has no real, set standards. Next week, we will discuss what you must look for in a cyber policy. If you are looking for assistance auditing the cyber risk in your organization, or developing a people-first cyber plan, contact us today.