October is National Cybersecurity Awareness Month, Which Makes it an Excellent Time to Evaluate Your Company’s Existing Prevention & Response Strategies
October is National Cybersecurity Awareness Month, which makes it an excellent time to evaluate your company’s existing prevention and response strategies. A new study regarding the frequency of cyber-attacks should serve as motivation to also evaluate your insurance coverage.
Half of Businesses Experienced Cyberattacks in the Past Year
In total, 53 percent of U.S. businesses have fallen victim to a cyber attack in the past year, according to a recent survey by The Hartford Steam Boiler Inspection and Insurance Co. (HSB). In response to the increased frequency of attacks, nearly two-thirds of companies purchased or increased their level of cyber insurance coverage over the past year. An additional 56 percent of obtained cyber insurance for the first time.
In many cases, the cyber attacks were costly. Of those that experienced cyber attacks, 72 percent spent more than $5,000 to restore or replace software and hardware and address other ramifications of the intrusion. The study further found that 38 percent spent more than $50,000 to investigate the incident and remediate IT vulnerabilities and customer impact: 10 percent spent $100,000 to $250,000, and seven percent, more than $250,000.
When businesses were hacked, the most frequent consequences were data loss (with 60 percent of companies falling victim) and business interruption (55 percent). The most common culprits of the cyber-attacks were malware (53 percent) and viruses (51 percent). The surveyed U.S. businesses also experienced distributed denial of service (DDoS) attacks (35 percent), ransomware (29 percent), cyber extortion (25 percent), and social engineering (13 percent). Not surprisingly, businesses listed disgruntled employees (a/k/a malicious insiders) and hackers as the biggest threats to their data security.
Do Your Data Protection Procedures Leave Room for Improvement?
While most businesses recognize the threats posed by cyber-attacks and data breaches, studies continually show that many are not devoting the resources needed to adequately address the problem. And that’s understandable – to a point. While businesses must focus on money-generating activities to survive, they must also recognize that the cost of doing business must include adequate cybersecurity measures because a single data breach could easily wreak havoc and interrupt the very business activity necessary to survive – and even destroy the business.
Refreshingly, cybersecurity and IT hygiene need not be complicated or prohibitively costly. In fact, most of the data breach incident response investigations I’ve handled could have been mitigated, if not prevented, had simple measures been taken by the organizations targeted.
With this in mind, below are a few basic, yet valuable, principles for improving your company’s cybersecurity:
Know your Data: Businesses must take steps to protect their confidential data, including customer data, no matter where it is stored. This includes data on employee mobile devices, the company’s web portal for employees, and servers the company controls.
Police vendors and employees: It is not enough to have data security policies and procedures in place. To ensure compliance, businesses should conduct periodic audits of their third-party vendors and employees. You may be shocked to discover that your suppliers do not encrypt the sensitive data you entrust to them or that your employees often fail to install required security updates.
Be flexible: Effective data security measures must be flexible to meet a company’s changing needs. This requires that you regularly evaluate your company’s data security vulnerabilities as well as emerging threats.
Review insurance coverage: Businesses should evaluate their current insurance policies to determine if losses incurred due to a cyber attack (business interruption, website outage, privacy breach) would be covered. If you do identify coverage gaps, it is advisable to consider a cyber-insurance policy that specifically addresses these risks.
Act quickly: If you do suffer a cyber attack, it is imperative to act quickly. Not only does this require having a data breach response and notification plan in place before a hacker strikes, BUT ALSO knowing a trusted cyber lawyer to call the instant a breach occurs. Everyone in the organization from the crisis management team, to the IT staff, to the executive management should understand their duties and be prepared to execute them with the help of a cyber lawyer.
As we continually emphasize to our clients, effective data security policies and procedures are essential for businesses of all sizes. Failing to have the proper protections in place will not only hurt your company’s reputation but also may impact your bottom line.
To see how these principles translate into specific actions you can take – today – to be more secure, stay tuned for helpful, daily cybersecurity tips that can help businesses better protect themselves from cyber threats and ensure that trade secrets and personal information are not exposed and compromised.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work.To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).
Corporate Transactions: Best Practices for Successful Deals
Corporate transactions can have significant implications for a corporation and its stakeholders. For deals to be successful, companies must act strategically to maximize value and minimize risk. It is also important to fully understand the legal and financial ramifications of corporate transactions, both in the near and long term. Understanding Corporate Transactions The term “corporate […]
How to Conduct a Fair and Legal Employee Termination in 2025
Ongoing economic uncertainty is forcing many companies to make tough decisions, which includes lowering staff levels. The legal landscape on both the state and federal level also continues to evolve, especially with significant changes to the priorities of the Equal Employment Opportunity Commission (“EEOC”) under the Trump Administration. Terminating an employee is one of the […]
Admin Dissolution for Annual Report: What You Need to Know
While filing annual reports may seem like a nuisance, failing to do so can have significant ramifications. These include fines, reputational harm, and interruption of your business operations. In basic terms, “admin dissolution for annual report” means that a company is dissolved by the government. This happens because it failed to submit its annual report […]
Antitrust laws are designed to ensure that businesses compete fairly. There are three federal antitrust laws that businesses must navigate. These include the Sherman Act, the Federal Trade Commission Act, and the Clayton Act. States also have their own antitrust regimes. These may vary from federal regulations. Understanding antitrust litigation helps businesses navigate these complex […]
Dissolving Your Business: Essential Legal Steps to Protect Your Interests
If you’re considering closing your business, it’s crucial to understand that simply shutting your doors does not end your legal obligations. Unless you formally dissolve your business, it continues to exist in the eyes of the law—leaving you exposed to ongoing liabilities such as taxes, compliance violations, and potential lawsuits. Dissolving a business can seem […]
The Role of Corporate Restructuring in Mergers & Acquisitions
Contrary to what many people think, corporate restructuring isn’t all doom and gloom. Revamping a company’s organizational structure, corporate hierarchy, or operations procedures can help keep your business competitive. This is particularly true during challenging times. Corporate restructuring plays a critical role in modern business strategy. It helps companies adapt quickly to market changes. Following […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
