Top cyber threats can shift by industry, but risk is universal

Related: Lloyds: 92% of European businesses suffered a cyber breach in the past 5 year

In response, prudent risk managers know they must focus their cyber mitigation efforts on reducing those risks. Here are some business classes with a high exposure to cyber crimes.

• Health care focus on data. Within the health care industry, hacks that could lead to a data breach remain the top priority. These industries deal with significant amounts of personally identifiable information. They also have many employees who can access their systems. It's a situation cyber attackers could look to exploit — and one that carries the potential for a costly data breach. Cyber extortion and ransomware attacks should also be high on the list of exposures to watch out for in the health care industry. There have been numerous high-profile ransomware attacks on hospitals that have resulted in hospitals getting locked out of their own files. That's a scary proposition for any organization, and a concern that health care business risk managers everywhere will be more attuned to over the coming years.
•  Consumer businesses also focus on data. Retailers, financial services firms and other consumer-facing businesses are concerned with data breaches because they deal with significant volumes of personally identifiable information. Perhaps more so than in other industries, that data can include sensitive financial information such as credit cards or access to financial accounts — again, items that hackers would see as highly valuable. They're frequent targets, too. The retail sector accounted for 24 percent of companies whose data was breached, while 18 percent of intrusions were reported by financial firms, according to a report issued earlier this year by the California attorney general's office. The 100 largest retailers in the United States now universally cite cyber security as a concern, making it the top perceived risk, according to a recent analysis by accounting firm BDO.
• Manufacturers focus on networks. Because manufacturers are far less likely to be consumer-facing businesses, they store significantly less personal information on their networks and are less concerned about data breaches. Still, there is a risk that personally identifiable information could be exposed. There is also a substantial risk that a cyber attack or malware could lead to downtime for production machines or even a whole factory floor — and that can be an extremely expensive business interruption.

Continue reading…

Cyber criminals hack the systems of small and mid-size businesses as a potential gateway to access the systems of the larger companies they serve. (Photo: iStock)

Small- and mid-market responses growing

And no matter which industry they serve, small and medium-size business of all types are taking a closer look at their cyber security. Several trends are driving this new focus. One is the growing realization that smaller firms are becoming more attractive targets because big businesses have significantly hardened their cyber defenses. Cyber criminals also hack the systems of small and mid-size businesses as a potential gateway to access the systems of the larger companies they serve.

Smaller companies have become potentially critical points in the access chain and are becoming more cognizant of their risks and responsibilities. In a survey for Hartford Steam Boiler by the Ponemon Institute, 55 percent of smaller business owners and professionals reported at least one data breach and 53 percent of them had multiple breaches.

Related: Risky business: High financial costs for payment breaches at small retailers

Cyber insurance becoming best practice

Big businesses recognize the cyber risks posed by smaller vendors. They are starting to require their vendors to have cyber insurance protection in place in order to bid on contracts or continue their vending arrangements. We're at the leading edge of that trend now, but those requirements will likely be seen more often in subcontracting agreements. Over time, those smaller vendors will, in turn, look for their own smaller partners to carry cyber coverage. No matter which industry is involved, these risks are driving cyber awareness throughout the supply chain.

In every industry and business, from the corner deli to the largest multinational, protecting against hackers is a critical priority. The first step business risk managers must take is to look at their cyber assets and determine which things are of high value to cyber attackers. From there, they can begin prioritizing what to protect, and how to maximize resources to improve their cyber security. But where?

Certainly, IT would be an obvious area. Shoring up security and keeping systems up to date can help lessen the likelihood of a hacker accessing systems. And there are new software programs and tools that could help improve the way companies identify and mitigate cyber risks. These include technologies such as behavioral analytics, which can flag atypical behaviors for uses within a computer system, as well as next-generation intrusion-detection programs.

No system is impenetrable, however. Although a company's cyber assets can be well-protected, they can never be 100 percent secure — which is why cyber insurance is also such a vital component to risk management. Business owners and risk managers must look for optimal ways to be more secure. And now more than ever, cyber insurance is a fundamental part of that mix.

Related: Navigating the cyberinsurance maze: Inside the obligations and caveats

Eric Cernak is Cyber Practice Leader for Munich Re. He can be reached at Eric_Cernak@hsb.com

Save

Save

Save

Save