Preventing a Cyber Attack from the Inside Out
Cyber attacks continue to dominate the headlines, and the changing nature of these attacks makes it difficult to keep up. From viruses to malware to ransom demands, attacks are becoming more common and more brazen all the time. In the war against cyber crime, it’s best to have multiple weapons at your disposal — and one of the most important tools may be right in front of you.
Cyber Attacks Are on the Rise
The Hiscox Cyber Readiness Report 2019™ surveyed over 5,000 professionals worldwide, including over 1,000 in the US, who are involved with their organization’s cyber security strategy, to determine the frequency and severity of cyber incidents and how prepared their businesses were to deal with them.
As you might expect, cyber crime is on the rise. In fact, 53% of firms in the United States reported a cyber attack in 2019, compared with 38% in 2018. What is perhaps even more alarming is that over a quarter of US companies reported four or more attacks in the past year. The mean cost to US firms for the attacks they experienced in 2019 was $119,000.
Most Companies Are Cyber Novices
Study respondents were asked a series of questions to determine how prepared their businesses are for a cyber incident. Based on their responses, they were rated as cyber experts, intermediates, or novices.
Just 10% of businesses in the US were determined to be cyber experts, meaning they have a comprehensive cyber strategy in place that includes educating staff, creating and implementing a business-wide strategy to respond to an attack, and investing in prevention and mitigation.
Eighteen percent of US businesses were rated as cyber intermediates. These companies have some strategies in place but should be doing more to prepare for an attack.
This leaves the 72% of US companies that are cyber novices. These businesses lack the oversight, strategy, resources, and processes to prevent and respond to a cyber incident and are therefore broadly exposed to the consequences of a hack or data breach.
Improve Cyber Readiness from Within
Businesses can learn a lot from the cyber experts about how to prevent a cyber attack from happening in the first place, how to detect it early, and how to mitigate the damage to the bottom line. It starts with being prepared.
“There are a lot of ways to improve your preparedness for a cyber attack,” said Meghan Hannes, cyber product head for Hiscox in the US. “One of the most effective — and least expensive — ways is to involve your staff in the battle.”
“Training employees on how to spot a cyber risk can help prevent your company from being attacked in the first place,” said Hannes. “And learning to spot an attack can reduce the impact of a breach or hack.” A number of companies are now conducting regular training on cyber risks, along with experiments that ‘test’ employees’ reactions to phishing emails. This type of training should be ongoing and updated whenever a new risk emerges.
It’s important to have the responsibility for cyber security rest with a single person in the organization. In 2019, 80% of US businesses had a defined role for cyber security, up from 68% in 2018 – an encouraging increase. The presence of a defined cyber responsibility also shows staff that cyber security is a priority for the company — a hallmark of cyber experts.
Keep an Eye on Your Supply Chain
A surprising number of cyber issues are due to a lack of visibility into the integrity of the supply chain. Over half (56%) of US firms in the Hiscox study reported cyber-related issues in their supply chains during the past 12 months.
“Knowing how cyber ready your third-party vendors are is critical,” said Hannes. “Make sure they are taking the same steps you are to prevent an attack. This is a case where the chain really is only as strong as the weakest link.”
Including key performance indicators (KPIs) around cyber security in your vendor contracts is a way to ensure that suppliers are taking their own cyber security efforts seriously. Frequent evaluation of the security of vendor networks is another best practice for cyber experts.
Mitigate the Impact of a Cyber Incident
Taking steps to prevent an attack is important, but it’s also critical to take action to reduce the impact of an attack. Having a plan in place can help you detect an attack early, which can minimize the damage.
Maintaining the appropriate insurance coverage for a cyber attack can keep an incident from impacting the company’s bottom line. Insurance coverage can include breach response resources that can help keep losses to a minimum.
Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Through its retail businesses in the UK, Europe, and the US, Hiscox offers a range of specialist insurance for professionals and business customers. For more information please visit www.hiscox.com. The contents of this article do not offer legal or business advice related to the needs of any specific business.
To compile the Hiscox Cyber Readiness Report 2019, Forrester Consulting contacted 5,392 professionals involved with their organizations’ cyber security strategy (1,000 plus each from the UK, USA and Germany, and 500 each from Belgium, France, Spain and The Netherlands). Respondents completed the online survey between October 22 and December 7, 2018.
This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Hiscox Insurance. The editorial staff of Risk & Insurance had no role in its preparation.