As attacks on businesses' networks continue at unprecedented levels, cyber risks have become the top concern among organizations of all sizes for the first time, according to a new survey.
The "Travelers Risk Index" found that 55% of executives surveyed said they worry "some" or "a great deal" about cyber risks. That's more than they worry about medical cost inflation (54%), employee benefit costs (53%), the ability to attract and retain talent (46%), and legal liability (44%).
The most common types of attacks, and which pose the biggest security threat to businesses, are phishing and fake emails. These attacks are difficult to combat because of the human factor involved.
In phishing emails, the cyber criminals will pose as colleagues or vendors to dupe an unsuspecting employee to share a password or click on a malicious link that will give them access to the company's network.
In addition, ransomware has brought many businesses and government agencies to a standstill as the same technique is used to freeze an entire network and render it unusable until the company pays a ransom for a key to unlock the network.
As concerns about cyber threats have grown, more businesses say they are taking proactive measures to safeguard against cyber risks:
A single cyber attack can put a company out of business. Taking the threat seriously and implementing a risk management program that addresses possible exposures can help a business not only avoid an attack, but also recover from one as quickly as possible.
How to lower the chances of a cyber attack
The insurance company Chubb recommends the following steps to reduce the chances of a cyber attack on your organization:
Identify your sensitive data - Credit card and personally identifiable information is often the target of cyber attacks.
Educate your staff - Educate employees about cyber attacks and how to protect the network. The most important thing for employees to remember is to not to open attachments from people they don't know or in emails they don't expect.
Procedures for encrypting personal or sensitive information should be provided, and employees should be required to change their passwords regularly.
Have security in place - A web application firewall should be in place to protect your website, in addition to a firewall for your company's network. If credit card payments are accepted, you should have an e-commerce platform that is compliant with payment card industry data security standards Level 1.
Secure your hardware - Data breaches can be caused by physical property being stolen, too. If servers, laptops, cell phones, or other electronics are not secure and easy to steal, you are taking a big risk. Physically locking down computers and servers is a good idea.
As cyber threats become more sophisticated, cyber-insurance policies have evolved. Many types of policies exist, and they can be tailored for specific types of businesses. The key is getting a policy that best fits your organization and covers any eventualities that you may encounter.
When reviewing cyber insurance options, consider the following coverage options:
Some policies are stand-alone products, while others are endorsements to existing polices like a business owner's policy.