October is National Cybersecurity Awareness Month, Which Makes it an Excellent Time to Evaluate Your Company’s Existing Prevention & Response Strategies
October is National Cybersecurity Awareness Month, which makes it an excellent time to evaluate your company’s existing prevention and response strategies. A new study regarding the frequency of cyber-attacks should serve as motivation to also evaluate your insurance coverage.
Half of Businesses Experienced Cyberattacks in the Past Year
In total, 53 percent of U.S. businesses have fallen victim to a cyber attack in the past year, according to a recent survey by The Hartford Steam Boiler Inspection and Insurance Co. (HSB). In response to the increased frequency of attacks, nearly two-thirds of companies purchased or increased their level of cyber insurance coverage over the past year. An additional 56 percent of obtained cyber insurance for the first time.
In many cases, the cyber attacks were costly. Of those that experienced cyber attacks, 72 percent spent more than $5,000 to restore or replace software and hardware and address other ramifications of the intrusion. The study further found that 38 percent spent more than $50,000 to investigate the incident and remediate IT vulnerabilities and customer impact: 10 percent spent $100,000 to $250,000, and seven percent, more than $250,000.
When businesses were hacked, the most frequent consequences were data loss (with 60 percent of companies falling victim) and business interruption (55 percent). The most common culprits of the cyber-attacks were malware (53 percent) and viruses (51 percent). The surveyed U.S. businesses also experienced distributed denial of service (DDoS) attacks (35 percent), ransomware (29 percent), cyber extortion (25 percent), and social engineering (13 percent). Not surprisingly, businesses listed disgruntled employees (a/k/a malicious insiders) and hackers as the biggest threats to their data security.
Do Your Data Protection Procedures Leave Room for Improvement?
While most businesses recognize the threats posed by cyber-attacks and data breaches, studies continually show that many are not devoting the resources needed to adequately address the problem. And that’s understandable – to a point. While businesses must focus on money-generating activities to survive, they must also recognize that the cost of doing business must include adequate cybersecurity measures because a single data breach could easily wreak havoc and interrupt the very business activity necessary to survive – and even destroy the business.
Refreshingly, cybersecurity and IT hygiene need not be complicated or prohibitively costly. In fact, most of the data breach incident response investigations I’ve handled could have been mitigated, if not prevented, had simple measures been taken by the organizations targeted.
With this in mind, below are a few basic, yet valuable, principles for improving your company’s cybersecurity:
Know your Data: Businesses must take steps to protect their confidential data, including customer data, no matter where it is stored. This includes data on employee mobile devices, the company’s web portal for employees, and servers the company controls.
Police vendors and employees: It is not enough to have data security policies and procedures in place. To ensure compliance, businesses should conduct periodic audits of their third-party vendors and employees. You may be shocked to discover that your suppliers do not encrypt the sensitive data you entrust to them or that your employees often fail to install required security updates.
Be flexible: Effective data security measures must be flexible to meet a company’s changing needs. This requires that you regularly evaluate your company’s data security vulnerabilities as well as emerging threats.
Review insurance coverage: Businesses should evaluate their current insurance policies to determine if losses incurred due to a cyber attack (business interruption, website outage, privacy breach) would be covered. If you do identify coverage gaps, it is advisable to consider a cyber-insurance policy that specifically addresses these risks.
Act quickly: If you do suffer a cyber attack, it is imperative to act quickly. Not only does this require having a data breach response and notification plan in place before a hacker strikes, BUT ALSO knowing a trusted cyber lawyer to call the instant a breach occurs. Everyone in the organization from the crisis management team, to the IT staff, to the executive management should understand their duties and be prepared to execute them with the help of a cyber lawyer.
As we continually emphasize to our clients, effective data security policies and procedures are essential for businesses of all sizes. Failing to have the proper protections in place will not only hurt your company’s reputation but also may impact your bottom line.
To see how these principles translate into specific actions you can take – today – to be more secure, stay tuned for helpful, daily cybersecurity tips that can help businesses better protect themselves from cyber threats and ensure that trade secrets and personal information are not exposed and compromised.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work.To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).
Understanding Chattel Paper: A Key Component in Secured Transactions
Using chattel paper to obtain a security interest in personal property is a powerful tool. It can ensure lenders have a legal claim on collateral ranging from inventory to intellectual property. To reduce risk and protect your legal rights, businesses and lenders should understand the legal framework. This framework governs the creation, sale, and enforcement […]
For years, digital assets operated in a legal gray area, a frontier where innovation outpaced the reach of regulators and law enforcement. In this early “Wild West” phase of finance, crypto startups thrived under minimal oversight. That era, however, is coming to an end. The importance of crypto compliance has become paramount as cryptocurrency has […]
Supreme Court and Title VII: Implications for Reverse Discrimination
Earlier this month, the U.S. Supreme Court issued a decision in Ames v. Ohio Department of Youth Services vitiating the so-called “background circumstances” test required by half of federal circuit courts.1 The background circumstances test required majority group plaintiffs pleading discrimination under Title VII of the Civil Rights Act to meet a heightened pleading standard […]
Special purpose acquisition companies (better known as SPACs) appear to be making a comeback. SPAC offerings for 2025 have already nearly surpassed last year’s totals, with additional transactions in the pipeline. SPACs last experienced a boom between 2020–2021, with approximately 600 U.S. companies raising a record $163 billion in 2021. Notable companies that went public […]
Short Form Merger: Streamlining the Process for Businesses
Merging two companies is a complex legal and business transaction. A short form merger, in which an acquiring company merges with a subsidiary corporation, offers a more streamlined process that involves important corporate governance considerations. A short form merger, in which an acquiring company merges with a subsidiary corporation, offers a more streamlined process. However, […]
Tariff Response Options for Small Businesses Facing Financial Distress
The Trump Administration’s new tariffs are having an oversized impact on small businesses, which already tend to operate on razor thin margins. Many businesses have been forced to raise prices, find new suppliers, lay off staff, and delay growth plans. For businesses facing even more dire financial circumstances, there are additional tariff response options, including […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
