Think you're immune from a cyber attack? Think again.

Here are a couple of stats that will keep you up at night,whether you're a Fortune 500 company, or a small or medium sizedorganization:

— 33% of Fortune 500 corporate executives fallfor phishing attacks.

— 70% of cyber attacks target smallbusinesses.

— 60% of hacked small and medium-sizedbusinesses fail within six months following a breach.

Related: How social engineering fueled the cyber-attackbusiness

Unfortunately, it's no longer a matter of if yourbusiness will be impacted by a breach, but when. That'sbecause cyber schemes are evolving quickly and becoming morecomplex. For these reasons, the consequences of an attackare increasing at an alarming rate.

Ever smarter hacks

Ransomware is a type of malicious software designed to blockaccess to a computer system until a sum of money is paid. There areexceptions, but victims often quickly pay the ransom demand inorder to regain access to their data, servers or computers.Ransomware attacks were virtually unknown 10 years ago. In the pasttwo years, however, victims have paid more than $25 million inransoms.

Ransomware is lucrative to criminals and the reason why attackson businesses grew tenfold from 2015 to 2016. Deviations ofransomware and other cyberattacks grew 400% in 2016 alone.

Some of the more common deviations include phishing and socialengineering, financial and personal data breaches. Some attacksoccur as a result of employee carelessness, like losing a companylaptop, or negligence, such as ignoring corporate controls onpassword updates. Many times, however, employees open files, linksor emails that appear to be from legitimate sources, but result ina breach. Cyber criminals understand and prey on human weakness andbusiness vulnerabilities.

There is no way to stop attacks from hitting a business, andthey will only continue to evolve as hackers dream up new ways tocompromise systems or steal data and sell it on theDark Web.

Related: The changing world of cyber liabilityinsurance

Business priorities change by industry

All types of business are susceptible to an attack. Attacks mayimpact you differently depending on your business sector. Theimportant thing to remember is that whether you're a Non-Profitentity, a Professional Services Organization or a Healthcareprovider, you are all vulnerable.  Understanding how acyber attack would impact your specific business is critical.Working with your IT Department and establishing a strong internalsecurity plan is key in minimizing your exposure to an attack.

The consequences are real, but not just for your IT Department.In today's climate, company officers and the board members can beheld accountable by shareholders and investors. Because they have afiduciary responsibility for maintaining the financial stability ofan organization, a risk management program that includes cyber insurance is a way of meeting thatobligation.

Cyber attacks are almost inevitable, which makes them somewhatof a predictable business risk. Cyber insurance helps abusiness deal with the aftermath.

Here are six examples of some of the costs:

• |
  • |
    • |
      • |
        • |
          • Ransom demands
          • Forensic costs
          • Business interruption
          • Reputational harm
          • Public relations
          • Legal advice

The moral of the story is hackers know your vulnerabilitiesbetter than you do. They will always be 10 steps ahead. Allbusinesses need to take the proactive approach rather than thereactive and suffer consequences if they're not properlyprepared.

Wendy Caruso and Jennifer Sanborn are vice presidents in theProperty & Casualty Practice at Corporate Synergies. They canbe reached by sending email to [email protected] or [email protected].

The opinions expressed here are the writers' own.

See also:

Insurance experts: WannaCry calls for tougher cybersecurity

Are you prepared for a cyberattack?