Cyber attacks on large corporations or governmental bodies grab the headlines, but in recent years cyber criminals have shifted their focus toward small and mid-sized businesses.
Cyber Security in a Cashless Economy
Smaller businesses are less likely to have strong cyber risk controls in place. One reason is the rapid transition from a cash economy to one that is virtually cashless. We now use debit or credit card to order the pizza and tickets online. As the economy has undergone this shift, so have the processes used by small businesses. For small and mid-sized businesses, adapting to this new reality creates risks and one may not be totally aware of the exposures.
When a big company is hit by a cyber attack, it immediately becomes headline news. Some cyber attackers seek publicity by hitting large corporations and government bodies or medical facilities. For those who wish to shun the glare of publicity smaller and mid-sized companies are easier targets with less risk of discovery. Big banks and retailers are obvious targets for cyber attackers because they store and process vast quantities of credit and debit card data and personally identifiable information.
However, a company doesn’t have to be in the Fortune 500 to possess data that is attractive to cyber criminals. A small or mid-sized business may have information that is more appealing to a cyber attacker than data from the obvious large businesses.
Most business functions rely on computers and the Internet in some capacity. Virtually any organization or firm maintains a great deal of personal data on current and former employees. In addition, proprietary customer data is also sensitive. The cyber security exposure for firms is nevertheless material to their financial well-being. With the convenience of using computers come potential risks:
- Web application attacks
- Malware and viruses erasing your entire system
- Hackers breaking into your system and altering files
- Using your system to attack others
- Utilizing your financial information to make unauthorized purchases
- Physical theft and loss
While transferring cyber risk to an insurer is a prevalent risk management approach, it should be viewed as a complement to an overall cyber risk management strategy.
- Internet / Media Liability
- Security and Privacy Liability
- Identity Theft Insurance
Article provided by Fitzhugh Powell, Jr. AAI, CRIS, CWCA of
Cecil W. Powell & Company