Over the last four years, the number of executives reporting that their company had experienced a cyber breach has tripled, according to an RMS Cybersecurity Special Report. Despite the increase in attacks, 93 percent of executives surveyed were confident in their company’s cybersecurity plan to safeguard data.
This disparity suggests dangerous overconfidence and a false sense of security. With more internet-connected devices than there are people in the world and the continued digital migration of business functions, the risk of a cyber attack is greater than ever.
Contributing to digital vulnerability are some pervasive cybersecurity myths that result in gaping holes in digital defenses.
To help you avoid costly security mistakes, here we address five of the most common cybersecurity misconceptions.
- Cybersecurity is an IT department issue
Does your sales team make digital records of customer information? Do you have an inventory planner that makes online payments? Do you store vendor or client information in a logistics system? If you answered yes, then you realize these departments need to be part of any cybersecurity plan. The notion that cybersecurity is the sole responsibility of the IT department is a dangerous mindset that will likely lead to weak links in your cyber defenses that cybercriminals will exploit.
Whether it be on internal networks or public cloud, much of today’s business is digital and carried out online. The entire organization needs to be involved in safeguarding proprietary and customer information. Cybersecurity should be a top-down approach coordinated by company leaders. Executives should be aware of cyber risks and involved in implementing organization-wide policies and practices. This should include contingency and recovery plans in case of a breach, as well as employee awareness and best practices training.
- Only large enterprises are affected by cyber attacks
This misconception is reinforced by headlines like “100 Million CapitalOne Customers Hacked,” “Marriott Data Breach Affects 500 Million,” and “4 Billion Social Media Profiles Leaked.” While these stories reveal that even the largest, most well-resourced companies are not immune to cyber attacks, they obscure the fact that it is actually small and medium-sized enterprises that are most vulnerable. According to a NetDiligence Cyber Claims Study, 96 percent of cyber claims come from companies with less than $2 billion in annual revenue. With the average data breach costing $178,000, most small businesses are unable to recover in the wake of an attack and close their doors within six months.
- Only companies that house valuable data are at risk
This is, in fact, a true statement. The trouble comes from the assumption that “my data isn’t valuable.” You don’t have to handle health records or tax documents to be a potential target. In the digital age and the data economy, bad actors can find value in almost any type of data. As a business, you invariably collect, use, and transmit numerous data types. This may include procurement and purchase datasets, customer personal information, POS records, vendor account information, and more. If this information were to become compromised, it could cause business interruption and financial loss, and your brand would likely suffer a loss of trust and future business prospects. Information isn’t the only thing at risk. With connected factories and IoT infrastructure, physical assets and operations can also be compromised. In 2016, hackers infiltrated a water utility control system in the UK and were able to change the chemical ratios being used in tap water. Without proper cyber protections, attacks like these can have catastrophic consequences.
- If we are compliant we are secure
Compliance with industry regulations like HIPAA and PCI DSS forms a baseline for security protocols and is necessary to conduct business. Because compliance with such regulations can be time- and resource-intensive, many organizations erroneously focus solely on maintaining industry compliance. Compliance with government and industry standards does not make you immune to cyber attacks—compliance should be considered a bare minimum rather than the end goal. For a truly effective cybersecurity program, organizations should go beyond industry requirements and continuously improve data hygiene, identify risks, and protect critical assets. To build stronger defenses and achieve good cybersecurity practices, utilize reputable resources like the National Institute of Standards and Technology cybersecurity assessment tools and cybersecurity framework.
- Third-party vendors are responsible for data security
Most companies outsource some business functions and share data with third-party vendors. While it’s true that the company in possession of the data is legally liable in the event of a breach, that does not absolve the party sharing the data from responsibility. When any regulated data or processes are outsourced, your company can still face class-action lawsuits and other repercussions should that data become compromised. To avoid such situations, make sure you have attorney-approved data sharing agreements in place and do your due diligence on how partners manage and access shared data.
Bolster Your Cyber Breach Response Plan
You can’t predict when cyber threats will strike, but you can shore up your defenses and mitigate risks. Part of any cyber breach response plan is professional insurance to cover resulting financial loss and claims.
Most commercial general liability policies do not cover cyber incidents or data loss. To ensure you’re adequately covered in the event of a cyber breach, you’ll need cyber liability insurance specifically tailored for your business’s data needs.
With more than 20 years of industry expertise and strong relationships with cyber insurance carriers, ProWriters can help you prepare for the unexpected by matching you with the right cyber insurance policy.
To learn more about ProWriters’ policy comparison and underwriting services, get in touch today.