Hardly a week goes by without a headline about a corporate cyber attack. We most often hear about large, well-known companies like Sony, Target, and Home Depot. There are many incidents of cyber attacks and cyber theft that do not make the news, but they still greatly impact companies and government agencies of all shapes and sizes.
Cyber threats have grown exponentially over the last few years. Cyber attackers have become more technologically sophisticated and have outpaced the IT security systems many businesses have implemented. Additionally, the increased use of mobile technology and cloud computing has made information more readily available to unauthorized users.
An organization’s management and board of directors are responsible for its cyber security, but it can be easy to overlook this task. But with the growing number of cyber attacks and the increasing risks to every organization, cyber security is quickly becoming a top priority for many CEOs and CFOs.
The consequences of cyber theft and crimes are numerous. These incidents often find their way into the headlines given their high impact, and the negative publicity can cause lasting reputational harm to your organization. Cyber security breaches can result in the loss of vital company information, and confidential employee and client information can be exposed to hackers or the public. Moreover, security breaches can damage your systems, resulting in a disruption or interruption of everyday operations.
Cyber crimes and theft can also be costly. Security breaches can require repairs to computer systems, websites, and networks, and external consultants and advisors may be needed to get your systems operating properly again. If your system is down for significant periods of time for repair or reactivation, the result can be lost production and opportunity costs. There can also be high legal costs stemming from litigation from customers, vendors, or personnel whose information has been compromised. For instance, Home Depot’s annual report disclosed that the company is facing more than 40 civil suits due to its 2014 data breach.
So how can you deal with cyber risk? First, your board of directors and management team need to become better educated about the perils of cyber crimes and theft, and identify risks that can potentially impact your company. These risks can include wire fraud, phishing scams, malware, and exposure of employee emails, company financial and proprietary information, and confidential client and vendor information.
Once you identify your risks, develop standards, best practices, and written policies and procedures to address them. Employee education and a heightened awareness of cyber risks (e.g. phishing scams) can go a long way toward preventing security breaches. Also, develop a recovery action plan to contain the damage and limit disruptions to your operations in the event that a cyber security breach does occur. You may need to consult outside experts to help identify and address your risks if do not currently have this expertise on your team. You should also discuss cyber risks with your insurance company to determine which crimes and thefts are covered under your existing commercial policies. Insurance carriers may exclude certain cyber attacks such as data breaches or require specific cyber crime coverage.
We have daily reminders of the damage that cyber theft and security breaches can inflict on businesses and individuals. Be proactive in understanding the cyber risks that impact your business and operations so you can adopt practices, policies, and procedures to help prevent an attack.
You may also like: