As cyber threat mounts, more companies take measures

As attacks on businesses' networks continue at unprecedented levels, cyber risks have become the top concern among organizations of all sizes for the first time, according to a new survey.

The "Travelers Risk Index" found that 55% of executives surveyed said they worry "some" or "a great deal" about cyber risks. That's more than they worry about medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%), and legal liability (44%).
​

The most common types of attacks, and which pose the biggest security threat to businesses, are phishing and fake emails. These attacks are difficult to combat because of the human factor involved.

In phishing emails, the cyber criminals will pose as colleagues or vendors to dupe an unsuspecting employee to share a password or click on a malicious link that will give them access to the company's network.

In addition, ransomware has brought many businesses and government agencies to a standstill as the same technique is used to freeze an entire network and render it unusable until the company pays a ransom for a key to unlock the network.

As concerns about cyber threats have grown, more businesses say they are taking proactive measures to safeguard against cyber risks:

• Purchasing a cyber insurance policy (51% of survey participants, up from 39% in the 2018 survey the insurer conducted).
• Creating a business continuity plan in the event of a cyber attack (47%, up from 38%).
• Taking a cyber-risk assessment for themselves (49%, up from 45%).
• Taking a cyber-risk assessment for their vendors (41%, up from 37%).
• Updating computer passwords (74%, up from 71%).

A single cyber attack can put a company out of business. Taking the threat seriously and implementing a risk management program that addresses possible exposures can help a business not only avoid an attack, but also recover from one as quickly as possible.

How to lower the chances of a cyber attack

The insurance company Chubb recommends the following steps to reduce the chances of a cyber attack on your organization:

Identify your sensitive data - Credit card and personally identifiable information is often the target of cyber attacks.

Educate your staff - Educate employees about cyber attacks and how to protect the network. The most important thing for employees to remember is to not to open attachments from people they don't know or in emails they don't expect.

Procedures for encrypting personal or sensitive information should be provided, and employees should be required to change their passwords regularly.

Have security in place - A web application firewall should be in place to protect your website, in addition to a firewall for your company's network. If credit card payments are accepted, you should have an e-commerce platform that is compliant with payment card industry data security standards Level 1.

Secure your hardware - Data breaches can be caused by physical property being stolen, too. If servers, laptops, cell phones, or other electronics are not secure and easy to steal, you are taking a big risk. Physically locking down computers and servers is a good idea.

Cyber insurance

As cyber threats become more sophisticated, cyber-insurance policies have evolved. Many types of policies exist, and they can be tailored for specific types of businesses. The key is getting a policy that best fits your organization and covers any eventualities that you may encounter.

When reviewing cyber insurance options, consider the following coverage options:

• Business interruption - Covers the loss of business income due a cyber attack.  
• Computer fraud - Covers theft of money, securities and other forms of tangible property through computer fraud and social engineering schemes.
• Data breach - Covers claims of failure to protect personally identifiable information and protected health information of clients.
• Property damage - Covers replacement cost of computers damaged by a cyber attack.
• Identity theft expenses - These are related to the business owner or their employees after identity theft.      
• Advertising and personal injury - Covers damage caused by defamation on website or social media.
• Transmission of virus or malicious content - Covers failure to stop the transmission of a computer virus or malicious content.
• Errors and omissions - Covers loss caused by failure to provide proper network security.

Some policies are stand-alone products, while others are endorsements to existing polices like a business owner's policy.