There’s widespread recognition that cyber risks are continuing to evolve. So it’s alarming to many experts that a recent study indicates businesses are growing more complacent instead of more tuned in.
The “2017 Information Security and Cyber Risk Management” survey, commissioned by Zurich Insurance, identified and analyzed the trends and the current state of cyber risk, based on responses from 315 risk professionals. The study is a benchmark for cyber-risk preparedness and response strategies, according to Danielle Ling, reporting on PropertyCasualty360.com.
For the first time since Zurich initiated the annual survey seven years ago, it showed a significant decline in the seriousness with which business executives are viewing cyber risk, even as the nature of cyberattacks and risks have evolved. The study revealed that about 60 percent of the risk professionals surveyed indicated that business managers viewed cyber risk as a significant threat. Surprisingly, that was down from 85 percent in 2016.
Zurich’s interest in selling insurance notwithstanding, the study highlights the need for businesses to keep the subject in focus.
2017 has had a big share of high-profile cyberattacks and data breaches against giants such as Anthem, which affected 80 million customers. Equifax had data security losses impacting 143 million customers, compromising millions of consumers’ personal information and increasing malware and ransomware attacks that shut down network systems and disrupted business operations.
Retailers also are targets for attack. Witness: Sonic discovered a “fire sale” of millions of customer credit- and debit-card numbers on the “dark web.” (That’s not how you want to Sonic!) Brooks Brothers found malicious software installed on processing systems; Chipotle had more problems than bacteria when it detected unauthorized activity in restaurant payment systems; and Inter-Continental Hotels Group found that malware infected hotel servers at 1,200 properties. Truth is, I could fill this blog with cyberattack examples ranging from the IRS to Arby’s. But you get the point.
Experts are now saying small businesses are becoming easy and lucrative targets for cyberthefts because the big boys have been forced to be more sophisticated in preventing attacks. And let’s face it, today our dealerships must do business electronically, so we’re vulnerable.
We process customer credit and debit cards; we keep customer data for our convenience; we bank electronically; and we’re electronically connected to suppliers, servicers and government agencies on multiple levels, all of which could be successfully attacked. Our dealerships’ data would suddenly become compromised.
If it happens, it’s gonna cost! No surprise, business-interruption costs are also increasing — never mind the incredible hassle that will ensue. According to an annual IBM study, for example, in the last year, looking only at the health-care industry, the average cost of a cyber-related business interruption loss reached $3.7 million.
Now we’re not the huge health-care industry, of course, but researchers aptly conclude that businesses in general may not be staying up to date with cyber-related risks or the precautionary measures needed to protect themselves from attacks. The IBM report’s researchers suggest that the insurance industry has a responsibility to further educate clients about these exposures, provide access to pre- and post-incident resources and offer products that meet the needs of their insured.
Even more to the point, it’s time for small businesses, such as marine dealerships, to recognize that cybersecurity breaches are very real today and will get more sophisticated going forward. Like it or not, it has become mandatory that dealers have a comprehensive review of all internal cyber-related operations and activities.
They must also review all business partner relationships in regard to the way those suppliers approach their own activities, exposures and security controls. That way, dealers can avoid having their data suddenly sucked into a breach at a business partner’s level.
Lastly, exploring the subject with insurance providers could provide helpful information, too.