“How confident are you in your company’s or client’s ability to respond to a cyberattack? What threats are keeping you up at night, and are you prepared to handle them if they strike?”
These are the types of questions addressed by Advisen and Experian in their recently released 2017 Cyber Risk Preparedness and Response Survey. The research includes responses from 307 risk managers, insurance brokers, and legal experts. The end result: a well-organized collection of valuable insights into the evolving cybersecurity landscape.
In particular, the report highlights three key concerns for companies to watch for as they create a cyber attack prevention strategy. Below we outline those top concerns alongside actionable ways to mitigate the potential additional risk they pose to organizations.
Most companies overestimate their current levels of preparedness.
More than 72 percent of risk managers surveyed rated their network protection above average; conversely, 67 percent of data brokers and 52 percent of legal experts rated those clients as average or below average in their protection levels. Additionally, 54 percent of legal experts and 61 percent of data brokers said their clients had insufficient knowledge required to navigate cyber-risks.
It's crucial to hire an outside expert to assess organization security levels to combat this misperception and truly get a company into a position of top-notch preparedness.
Small businesses suffer from greatest lack of cyber security systems in place.
A full 75 percent of brokers and legal experts revealed that they believe their small business clients are "not very well prepared" or "not prepared at all" to respond to a cyber security incident.
While the news headlines may create a perception that cyber attackers are more likely to target big blockbuster stores than small local businesses, the reality is that attacks on small business are on the rise. In the UK, more than one-third of small businesses and over half of medium-sized businesses reported a cyber attack in 2015. And because these smaller businesses don't have the deep pockets enjoyed by large corporates, a cyber attack's potential impact is magnified.
Creating a cyber attack preparation plan (and, ideally, practicing it with drills or simulation exercises) is increasingly crucial for small businesses to successfully weather the fallout of a data breach.
Employees across businesses and industries are considered largely ignorant of security best practices.
Brokers, legal experts, and risk managers all expressed concerns on the level of preparedness of company employees. Respectively, 35 percent, 41 percent, and 31 percent of these professionals rated employee education as the top area to prioritize for cyber incident prevention.
Supplemental research from Avecto's Ransomware Uncovered report reveals that 61 percent of surveyed employees are ignorant of ransomware, which puts companies at a heightened risk for a breach.
Employees are often an easy entry point for cyber hackers — if they're not trained to be vigilant against attacks. Make cyber security training a key component of new employee onboarding and continuing employee education to shut off this potential avenue for cyber thieves.
The 2016 Ponemon Institution Cost of a Data Breach Study found that the consolidated total cost of a data breach in 2016 was approximately $4 million. The good news is, the 2017 Cyber Risk Preparedness and Response Survey found that the cost of responding to a breach was 25 percent less for organizations that already had a response plan in place. As your company takes measures to prepare for the possibility of a cyber attack, keep the above mentioned top concerns in mind and your organization will be ahead of the game — which is the surest way to win.
In case you missed it, we are thrilled to be featured in CBInsight’s latest report on Cybersecurity’s Next Frontier: 80+ Companies Using Artificial Intelligence To Secure the Future. Like what you see? Shoot us a note. We’d love to hear from you.