It’s a matter of when, not if. Mid-market firms are most at risk of cyber attacks according to a recent article in Chief Executive. It's getting harder and harder to hide. Whether it’s a cyber attack, a data breach, or an attack on your reputation, the key lies in figuring out where your organization is most vulnerable.
The ever evolving risks
According to the Ponemon Institute 2014 Cost of Data Breach Study, the average cost to a company was $5.9 million, with malicious or criminal attacks resulting in the highest per capita data breach cost. This latest annual survey shows a significant spike in legal defense spending while breaches involving third-party organizations account for 42 percent of all breach cases. These remain the most costly form of data breaches due to additional investigation and consulting fees.
The most expensive data breach event included in this year's study cost a company nearly $31 million to resolve. The least expensive total cost was $750,000.
Risk can enter into any equation, but the three main areas to identify and protect include:
Operations and Supply Chain Risks. Cyber risks to supply chains are a greater risk than weather, fire and social combined. Most companies look at their risks in terms of facilities and physical operations, but don’t always think about their suppliers. What about your external maintenance providers? They have access to your facilities in person or remotely. Do your vendors have a cyber security plan in place? Steps taken to improve supply chain resilience are increasingly important for cyber security preparedness.
Reputation Damage. What exactly is the damage caused by a breach? Certainly the cost of recovery. But even more than that, the impact to your reputation and the loss of customer loyalty can do more damage to your bottom line than the cost of the breach itself. How does it happen? Hackers might obtain sensitive information and disclose it to the public. Your employee posts something negative about your company on their social media site. The result: a change in the perception of your brand.
Information and Technology Risks. This area covers a wide range that can include anything from nuisance hacking, to the theft of intellectual property…all the way to the risks inherent in mobile technology and data leakage. There’s the oft heard story of a laptop stolen from an employees car. Or a data breach at a vendor who has access to your marketing database.
The role of senior management and boards
Most companies have some form of risk management activities in place. However, these risk management activities are often ad hoc, informal and uncoordinated. They are typically focused on operational or compliance-related risks and fail to focus systematically on strategic and emerging risks, those most likely to affect an organization’s success.
What’s more, existing risk management processes often do not provide boards and senior management with an enterprise-wide view of risks.
A recent paper, Effective Enterprise Risk Management: The Role of the Board of Directors, notes that; “An entity’s board of directors plays a critical role in overseeing an enterprise-wide approach to risk management. Because management is accountable to the board of directors, the board’s focus on effective oversight is critical to setting the tone and culture towards effective risk management through strategy setting, formulating high level objectives, and approving broad-based resource allocations.”
What can you do to help mitigate your risk?
No, most likely your business interruption insurance isn’t going to cover your problem. What about the fast-growing market for cyber liability insurance? For the most part, it’s expensive and quite often has substantial holes in coverage. However, it definitely can add a level of security if your agent is very experienced with the product and understands how to customize your coverage to fit your unique risks.
The Ponemon Institute offers a free “Cyber Crime Assessment Tool” that takes about 10 minutes and involves no identifying information. It’s a quick and easy way to see where your organization compares to others in your industry.
How cyber aware is your company?
Please take our quick, 5-question anonymous survey on your company's cyber preparedness. The results will be shared shortly.