What businesses need to know about the threat of cyber attacks

  • The business world needs to prepare for what will happen after a cyberattack.
  • A ransomware attack can jeopardize the valuation of a business.
  • This article is part of the “Cybersecurity Briefing” series focusing on the country’s preparedness and what business IT leaders see as the top policy priorities.

We are really sorry! We encountered a system failure and were unable to take your email this time.

Cyber ​​security in business is a puzzle. In some companies, this is seen as a barrier to the smooth running of sales operations, as security can lead to delays and hamper rapidly evolving sales opportunities.

In other companies, this is a business imperative and a major concern for the board of directors as well as a goal when it comes to acquiring and managing talent.

For the rest, cybersecurity sits somewhere in the middle – businesses need it to meet regulatory and legal requirements for governance, risk and compliance, while others see it as a distraction.

In a recent CNBC and Momentive survey of 2,000 small businesses, 56% of those polled said they were not worried about being hacked in the next 12 months, while 24% said they were not. “not at all concerned”. That said, Verizon’s 2021 Data Breach Investigation Report found that 28% of data breaches in 2020 involved small businesses.

Industry reports indicate that 60% of businesses go out of business within six months of a data breach or cyber attack, according to the National Cyber ​​Security Alliance. It comes as cybercriminals improve their efficiency and expand their capabilities.

In many organizations, the responsibility for cybersecurity rests with technical staff, including the Chief Information Officer and the Chief Information Security Officer (CISO).

Cyber ​​threats affect more than the data infrastructure. Cyber ​​attacks also threaten reputation, mergers and acquisitions, company valuation, the ability to raise or obtain financing and other business-centric functions that are beyond the purview of technical teams.

“When a cyber incident occurs it affects the entire business and critical decisions need to be made within hours, not days, after an incident occurs,” said Kevin Breen, director of cyber threat research at Immersive Labs, a cybersecurity preparation company.

As part of this response, there must be a quick understanding of the broader risk, governance and legal requirements. “It’s critical that an CISO breaks down technical jargon into clear, concise and actionable decision points” for the board, said Breen, adding, “Context is arguably the most important piece of information you have. need, and this must involve all stakeholders at the earliest stage.

For example, if a company is considering a merger or acquisition, a cyber attack can influence the value of the asset acquired or the amount of money the company can raise. In 2017, after Yahoo disclosed two major data breaches, Verizon’s takeover bid for the company fell from $ 4.75 billion to $ 4.48 billion, a whopping $ 350 million drop. dollars.

The importance of cybersecurity due diligence

An often overlooked element of a merger or acquisition is how the cybersecurity tools, policies, procedures and operations of the two corporate entities will come together. Incompatible systems, software and the implementation of security protocols can lead to data leaks and vulnerabilities in different security systems.

“He’s not just an attacker you have to worry about – you might also have to deal with human error,” Breen said. “Before joining two networks, a complete inventory of the infrastructure should be done to understand what assets are in place and who owns them. It would be easy, for example, to lose track of a development or test network, leaving it unpatched and exposed as a hidden weak point. “

Cyber ​​insurance requirements

While it is important to have a comprehensive cybersecurity strategy, cyber insurance providers need a list of components for policy eligibility. While these checklists may vary from vendor to vendor, many must-haves are similar. They often include:

Often times, cybersecurity attorneys check to see if companies have cyber insurance to partially protect themselves against financial loss.

It is common for businesses in today’s cyber insurance environment to run the risk of losing their protection. Carriers and brokers are taking a closer look at policies for renewal due to significant financial losses over the past year. In Canada, for example, cyber insurers have a loss ratio of 113%, according to Canadian Underwriter.


Comments are closed.