Intellectual Property, Information Technology & Cybersecurity

10 Common Cyber Security Risks For Businesses

Cyberattacks have a massive negative business impact and were ranked as a top 5 priority by 79% of global organizations. The growth of cyber risk is also in large part associated with the expanding use of technology as a value driver. Businesses rely upon strategic initiatives like outsourcing, use of third-party vendors, cloud migration, mobile technologies, and remote access (all of which have proliferated during the COVID-19 pandemic) to augment growth and improve efficiency. However, this leading-edge activity also increases cyber risk exposure. As cyber risk has evolved from a technology issue to an organizational problem that exposes corporate leadership to liability arising from claims by shareholders, employees, and the public, cybercrime has grown exponentially. This surge in cybercrime has resulted in money damages reported to the FBI’s cybercrime reporting mechanism of $4.2 billion, up from $3 trillion in 2015.

What Is a Cyber Security Risk or Cyber Threat?
A cyberattack occurs when cybercriminals try to gain illegal access to electronic data stored on a company’s computer or network. The attacks target individuals, groups, organizations, or governments and can disrupt or control an entire computing infrastructure, interfere with data integrity, steal controlled information, inflict reputational damage, and even weaken another nation. Cybersecurity refers to the technologies, processes, and practices that are designed to protect your business’s intellectual property, customer data, and other sensitive information from unauthorized access by cyber criminals.

Why Is It Important to Protect Your Business From Cyber Risks?
It is essential that businesses invest in the technologies, processes, and practices that are designed to protect their intellectual property, customer data, and other sensitive information from unauthorized access by cyber criminals. The critical nature of this responsibility is underscored by recent statistics reported by IBM, McKinsey & Company, and others, which reveal that:

  • Cybercrime is up 600% due to the COVID-19 pandemic
  • Remote work has increased the average cost of a data breach by $137,000
  • More than half a million Zoom user accounts were compromised and sold on the dark web
  • Approximately 11,762 recorded data breaches occurred in the United States between January 2005 and May 2020
  • During 2020 the average time to identify a data breach was 207 days -and-

With the average cost of a global data breach recovery approaching $3.86 million, it’s hardly difficult to recognize the cost benefits of protecting a business from cyber risks by properly training staff and enforcing up-to-date best practices for cybersecurity.

Companies must also secure appropriate and sufficient insurance to provide financial security against the risks associated with conducting business in a digitized world and an evolving regulatory environment. Cyber and privacy liability coverage includes first-party expenses, third-party expenses, and cybercrime costs, such as:

  • Liability settlements and defense costs
  • Defense of regulatory actions and penalties
  • Breach response costs such as:
      • Legal costs to comply with privacy regulations
      • Credit monitoring and public relations
      • Requisite notification costs
  • Cyber extortion expenses and extortion funds

Customized cyber insurance policies may also cover cyber extortion, social engineering, business interruption, and virus transmission.

Cyber insurance will not cover every possible risk and cost. Typically excluded are the cost of upgrades that take place after a data breach occurs, loss of potential future profits such as loss due to reputational damage, and decreased valuation of intellectual property.

The 10 Most Common Cyber Risks and Threats for Businesses
Vulnerabilities in a company’s digital infrastructure can compromise its current financial position and endanger its future. When addressing concerns about your operation’s online safety, the first step is to acknowledge the existing cybersecurity risks that expose an organization to a hacker’s malicious attacks. The most common cyber risks and threats for businesses are:

1. Malware

Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’s site. Bad actors then use malware to steal sensitive corporate data, including customers’ personal information. Malware can also redirect a company’s web pages to other sites and insert pop-up ads onto a company’s web pages or website. Common malware examples are:

  • Viruses – malicious software attached to a document that supports macros, which it uses to execute its code and spread from host to host; a virus lies dormant until the document is opened and in use, and can cause significant operational issues and data loss
  • Worms – rapidly replicating malicious software that spreads to any device within a network, does not need a host program to disseminate, and can severely disrupt the operations of a device and cause data loss
  • Trojan viruses – malicious software disguised as a helpful program that, once downloaded, can gain access to sensitive data and then modify, block, or delete it
  • Spyware – malicious software that runs secretly on a computer and reports back to a remote user, often about sensitive information such as stolen financial or personal data; spyware known as a ‘keylogger’ records keystrokes to reveal passwords
  • Adware – malicious software used to collect data on computer usage and provide appropriate advertisements to the user of the infected device, which can redirect browsers to unsafe sites and cause system slowdown
  • Ransomware – a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it
  • Fileless malware – a type of memory-resident malware that operates from a computer’s memory rather than documents or files on a hard drive, which is harder to detect and makes forensics difficult because it disappears when the computer is rebooted

Recent malware attacks have exfiltrated massive amounts of data. Removing malware requires constant network scanning so that hackers can be identified quickly and the malware removed from the company’s network.

2. Ransomware

Ransomware is malicious software that gains access to sensitive information within a system, encrypts the information so the user cannot access it, and then demands a financial payout for the data before it is released. The first step in a ransomware attack is infection, which occurs when a user visits a security-compromised website. Ransomware is typically part of a phishing scam; by clicking a disguised link, the user downloads the ransomware. Ransomware infections specifically target users with higher levels of permissions, such as administrators, in order to inject malicious code. Once the code has been delivered and executed on a system, either locker ransomware shuts users out of the system or crypto ransomware encrypts data using advanced mathematical encryption keys. In almost every case the user or owner of a targeted system will receive instructions on how to regain access. A ransom is clearly presented, along with the preferred denomination and payment method, and sometimes a deadline for payment. Negotiating with and paying criminal parties is a grey area. While this may be the only way to recover valuable information, payment creates ethical dilemmas, may actually cause instances of ransomware to increase, and could jeopardize coverage under a cyber insurance policy.

HUB International Limited
North America
TAG-SP: Insurance and Risk Management
Member Profile
www.hubinternational.com/