Technology has evolved into an essential toolfor business. Nearly every firm relies on software, email and theinternet to conduct business and deliver services.

Since the internet has become such an integralpart of most operations, however, doorways to disaster have openedthat never existed before.

Related: Survey: 90% of businesses hacked at least once in2015

Think about it. Significant portions ofservices are now software based. Project delivery is increasinglydependent on new technology and communication tools. Buildinginformation modeling (BIM) is gaining wide acceptance, enhancingthe dependency on robust and shared data by entire project teams.Collaboration with clients, contractors, other firms,manufacturers, etc., is performed almost exclusively online.E-commerce is becoming the norm for payments.

Consequently, almost every transaction creates a path to a newcyber threat. According to ITRC Data Breach Reports,over 169 million personal records wereexposed in 2015, stemming from 781 publicized breaches, whileThe Global State of Information Security® Survey2016 reported that there were 38 percent moresecurity incidents detected in 2015 than the previous year.

So, even secured, there is no 100 percentguarantee against hacks, breaches and related intrusions. Therisk is always there. In fact, a business's data can be exposed inthree fundamental ways:

• |
  • |
    • |
      • Confidentiality. Howcan you be sure all your firm's confidential personnel and projectinformation is truly safe? How is your data or the proprietaryinformation of project owners being protected from malware oronline theft.
      • Integrity. Is the data in your operation free fromcorruption as it moves internally and externally? What safeguards(both technological and human) have been deployed to secure datainside your firm or among project participants? Do you regularlytrain employees on data security?
      • Availability. Are your systems redundant? Arethey adequately backed up onsite and off premises to ensure theirintegrity in the face of an attack or network failure?

The reality is hackers are not the only threatto your data's security. Many data breaches involve the download ofmalicious codes and viruses. Each can attachthemselves to emails and follow innocent website visits or socialmedia streams back to the source to wreak digital havoc onunsuspecting businesses. Furthermore, costly cyber events can alsoresult from the unintentional or careless handling of project filesas well as events occurring outside the firm's control such asnatural disasters and/or power failures.

Continuereading…

Hackers are not the only threat to data security.Many breaches involve the download of malicious codes and viruses.(Photo: iStock)

No business is immune to cyber thefts

According to recently published statisticsfrom the FBI, wire fraud and ransomware schemes are growingexponentially. As stated in the April 2016 report, "Incidents of Ransomware on the Rise —FBI,": "Ransomware has been around for a few years,but during 2015, law enforcement saw an increase in these types ofcyber attacks, particularly against organizations because thepayoffs are higher. And if the first three months of this year areany indication, the number of ransomware incidents—and the ensuingdamage they cause — will grow even more."

Cyber criminals are becoming moresophisticated in "spear-phishing" individuals to activatefraudulent messaging or even wire transfers for "smallish" sums ofmoney (i.e., $20,000 to $50,000). Victims are then forced to pay aransom when a hacker gains the ability to shut down the firm'ssystems and delete files.

Increasingly, victims of wire fraud andransomware are small and mid-sized businesses that fly underthe radar of federal crime-stoppers. It is far easier for"black-hat hackers" to launch multiple attacks involving smallerdollar amounts rather than risk detection that involve far greatersums of money. However, $20,000 lost to wire fraud is a significantamount to a small business focused on staying profitable. And itoften doesn't just end with the ransom. The forensic cleanup orrestoration of data can also prove excruciatingly costly andtime-consuming.

Related: 5 trends and factors that continue to impactcybersecurity in 2017

Take cyber security seriously

Many businesses work under conditions thatrequire data to be reliably confidential, accurate and available.And they work under narrow margins where the theft of even smallamounts of money can have a major impact on a firm's financialhealth. It's a competitive business fraught with tight budgets andchanging demands. Becoming the victim of a cyber security breachcan be anything from a small nuisance to an enormous financialthreat. So, knowing the very real challenges and the methods forprotecting against them should be an integral component of everyfirm's business intelligence and risk management planning.

Protecting data: the necessary steps

Addressing cyber security issues should take two forms. First,hire a cyber security consultant to conduct an audit of businesssystems and processes. Also, it's not just about network security.Human resources, administrative and technical staff should betrained on the best practices needed to minimize cyber threatswithin their areas of responsibility. It is also extremelyimportant to follow and implement the recommendations of certifiedand proven cyber experts with the entire system reanalyzed at leastevery other year.

Second, speak with qualified insurance brokers that thoroughly understand cyberenvironments, the wide-ranging threats and available coverageforms. Insurance is not a fix, but it will provide the financialresources needed to overcome attacks should they occur. Forinstance, insurance options are available for protecting businessesand their assets from the suits of other companies, which alsosuffered harm during severe data breaches. Insurance carriers alsooften work with cyber consultants, who conduct detailed forensicanalyses to determine the nature and depth of the hack as well asto identify the appropriate risk management and data rescueprocedures.

Unfortunately, the threats businesses facetoday are unlike any others. Today, firms must address the realityof cybercrime. Thankfully, there are resources available to assessa firm's individual levels of vulnerability, while establishingrisk mitigation and response protocols. Choosing to address theseissues now is the best way to avoid the wide ranging financial,reputational and business problems that can besiege firms foryears. 

Stephen L. Porcelli ispresident of Berkley Design ProfessionalUnderwriters, one of the nation's premier providers ofcommercial property casualty insurance and risk managementprograms. To reach him: [email protected].

See also: Cyber risk survey finds majority of businesses werehacked in 2014

Cyber insurance's increased profile leads to moreofferings and more buyers