Technology has evolved into an essential tool for business. Nearly every firm relies on software, email and the internet to conduct business and deliver services.
Since the internet has become such an integral part of most operations, however, doorways to disaster have opened that never existed before.
Think about it. Significant portions of services are now software based. Project delivery is increasingly dependent on new technology and communication tools. Building information modeling (BIM) is gaining wide acceptance, enhancing the dependency on robust and shared data by entire project teams. Collaboration with clients, contractors, other firms, manufacturers, etc., is performed almost exclusively online. E-commerce is becoming the norm for payments.
Consequently, almost every transaction creates a path to a new cyber threat. According to ITRC Data Breach Reports, over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches, while The Global State of Information Security® Survey 2016 reported that there were 38 percent more security incidents detected in 2015 than the previous year.
So, even when systems are secured, there is no 100 percent guarantee against hacks, breaches and related intrusions. The risk is always there. In fact, a business’s data can be exposed in three fundamental ways:
- Confidentiality. How can you be sure all your firm’s confidential personnel and project information is truly safe? How is your data or the proprietary information of project owners being protected from malware or online theft?
- Integrity. Is the data in your operation free from corruption as it moves internally and externally? What safeguards (both technological and human) have been deployed to secure data inside your firm or among project participants? Do you regularly train employees on data security?
- Availability. Are your systems redundant? Are they adequately backed up onsite and off premises to ensure their integrity in the face of an attack or network failure?
The reality is hackers are not the only threat to your data’s security. Many data breaches involve the download of malicious code and viruses. These can attach themselves to emails and follow innocent website visits or social media streams back to the source to wreak digital havoc on unsuspecting businesses. Furthermore, costly cyber events can also result from the unintentional or careless handling of project files, as well as from events outside the firm’s control, such as natural disasters and/or power failures.
No business is immune to cyber thefts
According to recently published statistics from the FBI, wire fraud and ransomware schemes are growing exponentially. As stated in the April 2016 report "Incidents of Ransomware on the Rise — FBI": "Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher. And if the first three months of this year are any indication, the number of ransomware incidents — and the ensuing damage they cause — will grow even more."
Cyber criminals are becoming more sophisticated in "spear-phishing" individuals to activate fraudulent messaging or even wire transfers for “smallish” sums of money (i.e., $20,000 to $50,000). Victims are then forced to pay a ransom when a hacker gains the ability to shut down the firm’s systems and delete files.
Increasingly, victims of wire fraud and ransomware are small and mid-sized businesses that fly under the radar of federal crime-stoppers. It is far easier for “black-hat hackers” to launch multiple attacks involving smaller dollar amounts than to risk detection with attacks that involve far greater sums of money. However, $20,000 lost to wire fraud is a significant amount to a small business focused on staying profitable. And it often doesn’t just end with the ransom. The forensic cleanup or restoration of data can also prove excruciatingly costly and time-consuming.
Take cyber security seriously
Many businesses work under conditions that require data to be reliably confidential, accurate and available. And they work under narrow margins where the theft of even small amounts of money can have a major impact on a firm’s financial health. It’s a competitive business fraught with tight budgets and changing demands. Becoming the victim of a cyber security breach can be anything from a small nuisance to an enormous financial threat. So, knowing the very real challenges and the methods for protecting against them should be an integral component of every firm’s business intelligence and risk management planning.
Protecting data: the necessary steps
Addressing cyber security issues should take two forms. First, hire a cyber security consultant to conduct an audit of business systems and processes. Also, it’s not just about network security. Human resources, administrative and technical staff should be trained on the best practices needed to minimize cyber threats within their areas of responsibility. It is also extremely important to follow and implement the recommendations of certified and proven cyber experts with the entire system reanalyzed at least every other year.
Second, speak with qualified insurance brokers who thoroughly understand cyber environments, the wide-ranging threats and available coverage forms. Insurance is not a fix, but it will provide the financial resources needed to overcome attacks should they occur. For instance, insurance options are available for protecting businesses and their assets from suits brought by other companies that also suffered harm during severe data breaches. Insurance carriers also often work with cyber consultants, who conduct detailed forensic analyses to determine the nature and depth of the hack as well as to identify the appropriate risk management and data rescue procedures.
Unfortunately, the threats businesses face today are unlike any others. Today, firms must address the reality of cybercrime. Thankfully, there are resources available to assess a firm’s individual levels of vulnerability, while establishing risk mitigation and response protocols. Choosing to address these issues now is the best way to avoid the wide-ranging financial, reputational and business problems that can besiege firms for years.
Stephen L. Porcelli is president of Berkley Design Professional Underwriters, one of the nation's premier providers of commercial property casualty insurance and risk management programs. To reach him: SPorcelli@BerkleyDP.com.