
Business Cybersecurity Practices: Fortify Your Defense

October 7, 2024

Now is not the time for cybersecurity complacency. Hackers are armed with new AI tools, which is leading to cyberattacks that are both more frequent and harder to avoid. Business owners have a lot at stake, but they can reduce their risk through ongoing education and continued vigilance. 

Cybersecurity for Businesses

The statistics should be a wake-up call for any business. According to a report from Apple, the number of data breaches more than tripled between 2013 and 2022. In the first nine months of 2023, there had already been 20% more data breaches than in all of 2022, and ransomware attacks were up 70% compared to the first nine months of 2022.

Businesses of all sizes are vulnerable. The 2023 Business Impact Report from the Identity Theft Resource Center found that only 28% of small businesses had not experienced a cyberattack in the past year – 20% had experienced a data breach, 29% had experienced a security breach, and 24% had experienced both. The losses were also substantial, with 26% reporting losses of $250,000 to $500,000 and 13% reporting losses in excess of $500,000.

The good news is businesses can greatly reduce the risk and impact of a cyberattack through good cybersecurity practices. Although year-round vigilance is key, October is Cybersecurity Awareness Month, making now a great time to brush up on the basics and learn about new threats.

Common Cyber Threats to Businesses

Businesses are under constant attack from hackers and scammers. The threats are both numerous and varied. They include:

  • Social Engineering Scams. Cyberattacks often exploit human vulnerabilities rather than technical ones. For example, phishing attacks encourage victims to click on a malicious link or provide sensitive information, whereas elaborate business email compromise (BEC) schemes try to trick victims into authorizing wire transfers. IC3 received 21,389 BEC complaints in 2023, with losses of more than $2.9 billion. Phishing is even more common: IC3 received 298,878 phishing complaints in 2023.

  • Ransomware. Chainalysis says ransomware payments reached a record high of more than $1 billion in 2023.

  • Data Breaches. Some data breaches are tied to ransomware, but they may also result from other cybersecurity incidents, including phishing and exploited computer system vulnerabilities.

  • Vendor Attacks. Apple warns that attacks on vendors are increasing. These may impact organizations that depend on a targeted vendor.

The Devastating Consequences of a Cyberattack

Cyberattacks cause both immediate and long-term consequences for businesses. They may:

  • Disrupt operations. Many businesses rely on computer systems for daily operations. An attack may impact equipment, cash registers, doors, and other items if these are connected to a computer system.

  • Delete data. It is not always possible to recover 100% of the impacted files, even when the incident is a ransomware attack and the business pays the ransom.

  • Tarnish reputations. Customers count on businesses to keep their personal information safe and to provide timely services. When cyberattacks disrupt business or expose customer information, customers may lose trust.

  • Result in high cleanup costs. Businesses need to determine the extent of the problem, stop continued attacks, recover systems, and comply with state data breach notification laws. These costs add up.

Essential Data Protection Strategies and Business Cybersecurity Practices

To minimize the risk and impact of a cyberattack, businesses should implement good cybersecurity practices.

  • Develop a comprehensive cybersecurity policy. When the leaders say they’re committed to cybersecurity but their employees don’t practice good cybersecurity in day-to-day activities, cyber incidents become likely. Promote cybersecurity at all levels through a comprehensive cybersecurity policy that covers things like strong passwords, multifactor authentication, email encryption, the use of personal devices, and the reporting of incidents or suspected incidents.

  • Invest in continued training. Since cybercriminals keep changing their tactics, businesses need to keep training their workforce on things like phishing prevention and cybersecurity best practices. The use of AI to create sophisticated phishing messages, voice clones, and even deepfake videos is a particular cause for concern. Workers who would not normally fall for scams may be convinced by calls or video conference meetings with someone who looks and sounds like their boss.

  • Keep computer systems secure. Set configurations with security and ransomware protection in mind. For example, the principle of least privilege helps limit access. Other key measures include data encryption, the use of strong passwords and multifactor authentication, firewalls, and antivirus software. To make sure your system stays secure, apply software updates as they become available.

  • Create a cyber incident response plan and a business continuity plan. If a cyber incident occurs, how will your business deal with the threat and continue operations? Having secure backups of data will help, as will cyber insurance.

The Role of Cyber Insurance in Cyber Risk Management

Cyber insurance helps businesses recover from a data breach or other cyber incident. Although terms vary, cyber policies often cover data breaches, cyber extortion, and social engineering. If an incident occurs, insurance will help with the costs associated with forensic investigations, customer notification, business interruption, and data recovery.

For businesses dealing with a cyber incident, insurance is also a great source of guidance to minimize losses and comply with relevant regulations. With the threat of cyberattacks continuing to grow, cyber insurance is becoming an important last line of defense.

Steps to Take After a Cyber Incident

If a cyber incident occurs, quick action will minimize the disruption and financial losses.

  • Contact your cyber insurer. If you have cyber insurance, notify your insurer immediately. Your insurer will help you navigate the situation.

  • Take immediate steps to protect your computer systems and information. For example, if cybercriminals have access to your computer systems, remove this access.

  • Assess the threat. A forensic investigation will reveal the extent of the incident – for example, which files the attack has impacted and how the attack happened.

  • Determine your legal obligations and notify impacted parties. Data breach notification laws will likely require your business to notify all customers whose data has been impacted.

  • Consider the best way to resume operations. You’ll want to get back to business as fast as possible after an attack that has disrupted your operations. This may require using data backups or low-tech alternatives to computer systems.

Don’t wait until a cyberattack strikes your business. Assess your cybersecurity measures now and determine how you can reduce the odds of an attack. Reach out to our agency for a consultation about cyber insurance and risk management solutions.