It’s a common misconception that small- to medium-sized businesses aren’t considered lucrative targets for hackers. However, just because incidents impacting their online security don’t make the headlines doesn’t mean that your small- to medium-sized business clients aren’t at risk. Today, hackers are engaging in a game of numbers, automating cyberattacks and casting their dark web over thousands of businesses simultaneously to find the most vulnerable of targets.
Research conducted by Information Security Buzz revealed that 55% of businesses with fewer than 100 employees have experienced a cybersecurity breach that includes a ransomware attack. Part of the reason is that small- to medium-sized businesses typically lack the proper data backup solutions. Ransomware attackers understand this and are targeting these types of businesses as they believe them to be more inclined to pay the ransom.
It is impossible to safeguard against every type of cyberthreat. However, educating your business clients regarding the latest scams and the importance of mitigating risks should a cyberattack occur are proactive steps in the right direction.
The top three cybersecurity threats facing businesses today
- Ransomware attacks continue to be the No. 1 cybersecurity risk. In 2021, ransomware attacks grew by over 40% compared to 2020. More than ever before, businesses are being held hostage by hackers demanding large sums of money in exchange for releasing a company’s data. In addition to the ransom, businesses also face costs associated with remediation, downtime, lost orders, operational expenses, etc. In fact, the average cost of recovering from an attack is 10 times the size of the actual ransom payment.
- Malware. Malware is a term for malicious code that hackers use to gain access to networks to steal/destroy data, infect systems, assume control (as in a ransomware situation), etc. Common malware methods used by hackers to infiltrate and attack systems include email attachments, malicious advertisements on popular sites (malvertising), fake software installations, infected USB drives and apps, phishing/spam emails, and text messages. A single malware attack can cripple a business for days, weeks, or even months and require expensive repairs, as well as compromise the personal and financial information of customers and employees.
- Social engineering. Between May 2020 and June 2021, there were over 12 million social engineering attacks reported, impacting more than 3 million email inboxes and affecting over 17,000 businesses. The most common type of social engineering crime is phishing, where a hacker manipulates a user into sharing sensitive company information, such as login credentials and account numbers, to access a company’s system or deploy malicious software.
At the end of September, an estimated 45% of full-time U.S. employees worked remotely from home, according to a recent Gallup poll. Today, these figures remain unchanged, signaling that many employers are putting return-to-office plans on hold. With an increase in remote and hybrid work arrangements, we’ll likely see an increase in cyberattacks as unsupervised workers use personal devices and home networks for work purposes. While organizations may have strong cybersecurity measures in the office, they may not be aware of additional exposures associated with employees working remotely. The most common remote risk exposures include:
- Low-security home network connections.
- Employee-owned devices without strong security measures or updated software.
- Lack of employee training in keeping company data secure (e.g., identifying suspicious emails and attachments), as well as steps to take when they believe a breach has occurred.
As hackers become increasingly sophisticated with their tactics, businesses will continue to face a myriad of cybersecurity threats. Helping mitigate these and other emerging cyber risks requires a multifaceted risk management approach.
At Topa Insurance Company, we make it easy for our broker partners to provide their commercial business clients with a wide range of cybersecurity insurance solutions. The Cyber Suite Add-On option for our TPCI product offers comprehensive coverages designed to help businesses respond to a full range of cyber incidents, including threats of unauthorized intrusion into or interference with computer systems, damage to data and systems from a computer attack, and cyber-related litigation.