October is National Cybersecurity Awareness Month, Which Makes it an Excellent Time to Evaluate Your Company’s Existing Prevention & Response Strategies
October is National Cybersecurity Awareness Month, which makes it an excellent time to evaluate your company’s existing prevention and response strategies. A new study regarding the frequency of cyber-attacks should serve as motivation to also evaluate your insurance coverage.
Half of Businesses Experienced Cyberattacks in the Past Year
In total, 53 percent of U.S. businesses have fallen victim to a cyber attack in the past year, according to a recent survey by The Hartford Steam Boiler Inspection and Insurance Co. (HSB). In response to the increased frequency of attacks, nearly two-thirds of companies purchased or increased their level of cyber insurance coverage over the past year. An additional 56 percent of obtained cyber insurance for the first time.
In many cases, the cyber attacks were costly. Of those that experienced cyber attacks, 72 percent spent more than $5,000 to restore or replace software and hardware and address other ramifications of the intrusion. The study further found that 38 percent spent more than $50,000 to investigate the incident and remediate IT vulnerabilities and customer impact: 10 percent spent $100,000 to $250,000, and seven percent, more than $250,000.
When businesses were hacked, the most frequent consequences were data loss (with 60 percent of companies falling victim) and business interruption (55 percent). The most common culprits of the cyber-attacks were malware (53 percent) and viruses (51 percent). The surveyed U.S. businesses also experienced distributed denial of service (DDoS) attacks (35 percent), ransomware (29 percent), cyber extortion (25 percent), and social engineering (13 percent). Not surprisingly, businesses listed disgruntled employees (a/k/a malicious insiders) and hackers as the biggest threats to their data security.
Do Your Data Protection Procedures Leave Room for Improvement?
While most businesses recognize the threats posed by cyber-attacks and data breaches, studies continually show that many are not devoting the resources needed to adequately address the problem. And that’s understandable – to a point. While businesses must focus on money-generating activities to survive, they must also recognize that the cost of doing business must include adequate cybersecurity measures because a single data breach could easily wreak havoc and interrupt the very business activity necessary to survive – and even destroy the business.
Refreshingly, cybersecurity and IT hygiene need not be complicated or prohibitively costly. In fact, most of the data breach incident response investigations I’ve handled could have been mitigated, if not prevented, had simple measures been taken by the organizations targeted.
With this in mind, below are a few basic, yet valuable, principles for improving your company’s cybersecurity:
Know your Data: Businesses must take steps to protect their confidential data, including customer data, no matter where it is stored. This includes data on employee mobile devices, the company’s web portal for employees, and servers the company controls.
Police vendors and employees: It is not enough to have data security policies and procedures in place. To ensure compliance, businesses should conduct periodic audits of their third-party vendors and employees. You may be shocked to discover that your suppliers do not encrypt the sensitive data you entrust to them or that your employees often fail to install required security updates.
Be flexible: Effective data security measures must be flexible to meet a company’s changing needs. This requires that you regularly evaluate your company’s data security vulnerabilities as well as emerging threats.
Review insurance coverage: Businesses should evaluate their current insurance policies to determine if losses incurred due to a cyber attack (business interruption, website outage, privacy breach) would be covered. If you do identify coverage gaps, it is advisable to consider a cyber-insurance policy that specifically addresses these risks.
Act quickly: If you do suffer a cyber attack, it is imperative to act quickly. Not only does this require having a data breach response and notification plan in place before a hacker strikes, BUT ALSO knowing a trusted cyber lawyer to call the instant a breach occurs. Everyone in the organization from the crisis management team, to the IT staff, to the executive management should understand their duties and be prepared to execute them with the help of a cyber lawyer.
As we continually emphasize to our clients, effective data security policies and procedures are essential for businesses of all sizes. Failing to have the proper protections in place will not only hurt your company’s reputation but also may impact your bottom line.
To see how these principles translate into specific actions you can take – today – to be more secure, stay tuned for helpful, daily cybersecurity tips that can help businesses better protect themselves from cyber threats and ensure that trade secrets and personal information are not exposed and compromised.
Do you have any feedback, thoughts, reactions or comments concerning this topic? Feel free to leave a comment below for Fernando M. Pinguelo. If you have any questions about this post, please contact me or the Scarinci Hollenbeck attorney with whom you work.To learn more about data privacy and security, visit eWhiteHouse Watch – Where Technology, Politics, and Privacy Collide (http://ewhwblog.com).
Common Legal Mistakes NYC and New Jersey Business Owners Make
Operating a business in the New Jersey and New York City metropolitan region offers incredible opportunities, but it also requires navigating a dense and highly regulated legal environment. From entity formation to regulatory compliance, seemingly minor legal oversights can expose business owners to significant risk. In our work with businesses throughout the region, our attorneys […]
High-profile founder litigation is more than just a media spectacle. For startup founders, these cases underscore the legal and structural risks that can arise when rapid growth outpaces formal oversight. While launching a new company can be both an exciting and deeply rewarding endeavor, founders must be mindful that it also comes with significant risks. […]
Corporate Governance Reviews: A Practical Guide for New Jersey Companies
Every New Jersey company should periodically evaluate its governance framework. Strong corporate governance protects directors and officers, builds investor confidence, reduces litigation exposure, and positions a company for sustainable growth. The first quarter of the year is a great time to evaluate your corporate governance practices and perform any routine maintenance needed to keep that […]
What to Do After Being Served with a Lawsuit: Steps to Protect Your Legal Rights
Being served with a lawsuit is one of the most stressful legal events a business or individual can face. Whether the claim involves a contract dispute, an employment matter, an intellectual property issue, or another legal challenge, the actions you take in the first few days can significantly shape the outcome of your case. Acting […]
Will 2026 Be a Banner Year for SPACs? Understanding the Risks and Opportunities
Special Purpose Acquisition Companies (SPACs) continue to gain momentum as we move through 2026. After enduring a significant contraction following the 2021 boom and the regulatory scrutiny that followed, SPAC activity rebounded sharply in 2025 and now carries forward into 2026 with real momentum. The SPAC resurgence reflects broader improvements in both market conditions and the […]
Why Compliance Monitoring Matters for NY and NJ Businesses
Compliance programs are no longer judged by how they look on paper, but by how they function in the real world. Compliance monitoring is the ongoing process of reviewing, testing, and evaluating whether policies, procedures, and controls are being followed—and whether they are actually working. What Is Compliance Monitoring? In today’s heightened regulatory environment, compliance […]
No Aspect of the advertisement has been approved by the Supreme Court. Results may vary depending on your particular facts and legal circumstances.
Sign up to get the latest from our attorneys!
Explore What Matters Most to You.
Consider subscribing to our Firm Insights mailing list by clicking the button below so you can keep up to date with the firm`s latest articles covering various legal topics.
Stay informed and inspired with the latest updates, insights, and events from Scarinci Hollenbeck. Our resource library provides valuable content across a range of categories to keep you connected and ahead of the curve.
Let`s get in touch!
Sign up to get the latest from the Scarinci Hollenbeck, LLC attorneys!
