Opinion: Cyber risk now tops concerns among companies

Our world has certainly changed over the past two years. Inflation, global conflict and COVID-19 have impacted us all.

What’s the greatest risk for businesses and families? You’re likely using one or have one in your pocket. The constant threat of cyberattacks and risks associated with using smartphones and computers has now become the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer – even greater than supply chain disruptions, natural disasters and COVID. How long could we sustain operations if we had no access to our data and programs?

Cybercriminals can penetrate 93% of company networks, according to BetaNews. Most criminals and malicious hackers target “high-value” industries, with education leading the pack and government/military a close second. Check Point Software Technologies indicates that other high-value industries are health care, finance, fuel and energy, industrial and retail. Corporate cyberattacks were up 50% in 2021, according to CyberSecurityIntelligence.com, with the fourth quarter reaching an all-time high.

While many criminals target large businesses, small and medium businesses are normally easier for hackers because of their lack of resources and security expertise. According to Accenture’s Cost of Cybercrime study, 43% of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.

As our society evolves, our use and reliance on technology is exploding. Many businesses now promote working from home. Our use of other technologies, including social media, gaming, online shopping, web browsing, the cloud and 5G, is rapidly expanding. Nearly every person over the age of 14 now uses their phone frequently for access to most all business and personal data.

World events also have exacerbated the problem, and conflicts such as the Russia-Ukraine war have propelled even more activity. Unlike physical threats that prompt immediate action, cyberthreats are often difficult to identify and understand. Most successful attacks occur because you, your family or staff are either tricked into clicking on something or are not taking precautions to protect yourselves. Training and awareness are key to understanding the validity of emails, attachments, links and other ploys. Here’s a dozen best practices to employ:

1. Only connect to the internet over password-protected networks.
2. Do not click on links, open attachments or respond to emails from strangers, and verify the sending email address is valid from unexpected messages.
3. Enter the URL by hand versus following links from any suspect email or message.
4. Update programs promptly when patches become available.
5. Never provide personally identifiable information to requests via the internet unless you are positive of the source and their validity.
6. Make sure all software systems and updates are current and use reliable antivirus software.
7. Regularly backup systems and data. Test your ability to restore from backups periodically.
8. Limit who you are sharing information with via privacy settings.
9. Use strong and different passwords on all user accounts. Change passwords regularly.
10. Set up multifactor authentication.
11. Engage the services of a professional (external) IT network and security organization for advice, testing and training.
12. Vet business partners that have access to your system.

Although this list is not all encompassing, it will increase your chances of avoiding cyber risks. If you do inadvertently click on a link or suspect something suspicious, contact IT and authorities immediately.

Another critical strategy to consider is the purchase of cyber insurance. In addition to providing a financial “backstop,” most insurance companies provide valuable services and checklists that will limit risk and improve recovery if you’re impacted by a cyberattack.

As you’re applying for coverage, most carriers have requirements that will help protect you, including many of the best practices noted above. They also typically provide a “cyber coach” and cyber attorneys for help with such threats and incidents. Many also offer risk management protocols.

Lastly, the coverage can be invaluable if an incident occurs, providing protection for response costs, data recovery, business interruption, notification, extortion/ransom and reputational damage. Other items, such as fines, are normally included in the coverage.

Cyber risks have become the top financial risk for businesses, governments and individuals. Think about the damage of losing all your data and/or being down for weeks all caused by someone we don’t know and will never see. Understanding the risks and threats, implementing preventive measures and purchasing cyber insurance coverages are critical strategies to protect yourself, your family and your company.

Richard Ollis is CEO of Ollis/Akers/Arney, an employee-owned insurance and business consulting company. He can be reached at richard.ollis@ollisaa.com.