Threat Management and Cybersecurity Insurance Can Reduce Small Business Risk
Duffy Compliance Services is always searching for good content that supports small business clients. Check out this great post by Angela Gleason from the American Insurance Assn.
Cybercrime affects small businesses, too. How can they prepare?
By Angela Gleason
July 10, 2018
For the past year, it seems like a new cyberattack or data breach has been announced every week. From Equifax to Yahoo and Uber to Under Armour, cybercriminals have successfully attacked these major businesses and many more. Though these large company attacks make the news, the unfortunate reality is that all businesses – large and small – must be prepared for a data breach.
Last year was the worst ever for cyberattacks. Researchers found that the number of cyberattacks around the world doubled between 2016 and 2017. But these attacks don’t just happen to large, multinational corporations. Small businesses are just as big a target for cybercrime as large ones. In fact, Keeper Security reported in September that 61 percent of small businesses had been breached within the last year.
Alabama recently became the final state in the country to adopt data breach notification legislation, which requires companies that use or acquire sensitive personally identifiable information to notify consumers when their information is unlawfully acquired. It also requires businesses to implement and maintain reasonable security measures. As the legislation went into effect on June 1, 2018, it’s an important reminder for Alabama’s small businesses, which make up 99.4 percent of the state’s enterprises, to consider how they can protect themselves from cyberattacks.
Cyberattacks are a constantly evolving threat and can take many different forms, from ransomware and phishing attacks to malware and denial-of-service attacks. Hackers, too, are able to adapt quickly to new technologies and defenses, and businesses should be prepared to do the same, especially considering that an estimated 60 percent of small businesses that fall victim to a cyberattack will fail within six months.
When developing a risk management plan, small businesses may consider a variety of tools, from table-top exercises and vulnerability testing to anti-virus programs and performing regular software updates. Awareness and vigilance by every employee can be a first line of defense as well. Many small businesses do not have IT departments, and any employee can unwittingly allow a hack by clicking links in a spam email, or not changing their password often enough. Basic employee training, such as teaching staff how to recognize phishing attacks and strengthening passwords, can be a useful defense mechanism in this instance. The Online Trust Alliance says that 93 percent of breaches last year were preventable, and training employees to take cybersecurity into their own hands is a great place to start.
Risk transfer mechanisms like cybersecurity insurance can also help manage some of the costs that cybersecurity events generate. As the market for cybersecurity protection continues to grow, insurers are developing new and innovative products to meet businesses’ needs and outsmart sophisticated bad actors.
Finally, though flexible security plans and educated employees are important, governments also have a role to play. Through public-private partnerships, we can create a more cyber resilient nation that works together to share information and create a cyber-aware workforce. This partnership could be our best opportunity to prevent cybercrime and protect our nation’s small businesses and their customers.
Alabama’s new law is an opportunity to continue this conversation. Collaboration between governments and businesses can help ensure that 2018 is a year of growth and success for our small businesses.
Angela Gleason is senior counsel at the American Insurance Association.
Copyright 2016 American Insurance Association