No One’s Safe from Cyber Threats. Train Your Employees to Defend Your Company Now or Risk Millions
Gone are the days when health care organizations stored valuable patient information on disorganized stacks of floppy disks in dusty back corners of offices.
Today, medical organizations are using data storage systems that deliver universal connectivity in a networked environment that are easily accessed and managed. But with the prolific amount of data being captured, the possibly of security breaches grows exponentially.
The health care industry is one cyber risk area that Chubb evaluated in their 2021 Personal Cyber Risk Survey, which gauged respondents’ attitudes and beliefs toward cyber risks throughout all areas of their lives.
Health Care Privacy Risks
According to Christie Alderman, cyber innovative solutions officer at Chubb, the survey found that people are giving more thought to the risks of sharing medical data — but inconsistently.
The most interesting aspect to this medical data security conundrum? Americans are not nearly as concerned about the security of their medical data and records as you’d think.
While 57% of those surveyed were concerned with having to share their COVID-19 vaccination status, only 24% were concerned with the vulnerability of their medical records in general.
This in spite of the fact that health care related breaches of privacy have increased over three-fold in the past 10 years according to Chubb Cyber Index. Today, more than 1 in 20 U.S. adults have fallen victim to a health care-related privacy breach.
Why are so few Americans concerned? As Alderman explained, media coverage helps to play a key role in increasing awareness about privacy considerations on COVID-19 vaccines, but people are generally unaware of how their medical data can be used and the harm it can cause.
“For example, most people are not aware that individual health data is sold on the black market to identity thieves who use the data for fraudulent purposes, including tax fraud and home equity loan fraud, and obtain medical care under the victim’s name,” Alderman said.
“This crime can ‘pollute’ the victim’s health records and potentially cause physical harm, such as recording an incorrect blood type. Additionally, most people do not take into account the potential for significant legal and financial ramifications of a cyber incident.”
Today’s Business Vulnerabilities
While Chubb’s 2021 Personal Cyber Risk Survey focuses on individual attitudes toward cyber risks, it also gives a view into business vulnerabilities — namely vulnerabilities caused by employees.
According to Alderman, in particular, respondents viewed working from an office as making them more vulnerable to cyber attacks than working from home; however, this is the opposite of reality.
“The same issues making individuals more personally vulnerable to cyber attacks, such as reusing easy-to-guess passwords, are bad habits that employees bring to their employers and are making employers vulnerable to cyber incidents,” Alderman said.
From a business perspective, and based on Chubb’s claims experience, The Chubb Cyber IndexSM highlights significant increases in cyber attacks in specific industries, such as education, manufacturing, professional services and public entities.
“While a company’s revenue may make them more prone to a cyber attack, our data shows that businesses under $25M in revenue have seen the most dramatic increase in cyber incidents over the past several years, with a more than 16-fold frequency of cyber incidents,” Alderman said.
“Put simply, all sizes of businesses are susceptible and experiencing an increase in cyber attacks. Even local ‘mom-and-pop’ shops are at risk and should be aware of cyber crimes and the potential impact to their operations.”
The Chubb report also found that younger generations have more faith in the preparedness of small businesses to protect consumer information in the case of a cyber attack: 60% of ages 18-34; 49% of those age 35-54; 12% of those 55 and up.
Cyber Risk in a Remote Work Environment
So how has the recent pandemic impacted individuals’ views of being cyber safe when working remotely?
Chubb’s 2021 Personal Cyber Risk Survey shows that Americans understand their increase in online activity, spurred on by the pandemic, has left them more vulnerable to cyber attacks.
As Alderman pointed out, while one-third of respondents are making some improvements in online safety, for example, more regularly changing passwords, less sharing passwords with others, and using a VPN, that still leaves two-thirds of people who are not, meaning people are still not often taking the right precautions.
“The gap in individual cyber education has and will continue to impact businesses as their employees work from home or have hybrid working arrangements,” Alderman said.
“The spate of cyber attacks showing up daily in the media is in a large part because bad actors are leveraging companies’ vulnerabilities. As a result, employers will need to continue to not only focus on the security of their IT configurations but also on employee education — teaching them about the importance of password hygiene and how to spot phishing emails, for example.”
The Role of Insurance in Cyber Risks
Both businesses and individuals are facing the increased prospect of cyber attacks, and insurance can help fill gaps should a person experience a breach.
Cyber insurance provides a financial solution while helping to navigate the victims through the complexities of resolving a cyber attack with much-needed services. What’s more, Alderman said, from a business perspective, cyber insurance is an essential part of business continuity planning and can mean the difference in business-as-usual or a catastrophic financial loss.
“From an individual perspective, cyber insurance needs to be as much a part of the insurance conversation as home and auto insurance,” Alderman said. “Chubb’s 2021 Personal Cyber Risk Survey shows that individuals rely on trusted sources like an insurance agent to direct them to the policy they need.”
The line between business cyber risk and personal cyber risk has never been blurrier. That’s why companies and individuals cannot afford to ignore it.
“And while it’s true that many companies have already addressed cyber exposures, cyber attacks are continuing to evolve at a rapid pace,” Alderman said.
“Everyone is at risk, making it imperative for more education in the marketplace for both consumers and businesses.” &