5 minute read
The COVID-19 pandemic has forced many small businesses to maneuver online, whether this means having employees work remotely or opening an online store to carry on operations. According to Statistics Canada, 40 percent of Canadians were working from home when lockdowns were enforced at the begining of 2022, when compared with less than 10 % in 2022. Although this may drive productivity and lead to increased sales for your business, you may be more vulnerable to some cyber attack as hackers look to steal valuable information.
To better understand how small businesses perceive their cyber risks, we partnered with Leger, a Canadian researching the market and analytics company, to conduct market research of 422 businesses representing different industries in September 2022. We found that only 29 per cent of companies believe they are in a high-risk of a cyber-attack and just 15 percent have implemented preventative IT and employee training. When it comes to investing in cyber risk or data breach insurance, only 15 per cent of smaller businesses have done so.
What can your company do to prevent a cyber attack and how can insurance help? To reply to these questions and assist you to navigate the field of cybercrime, we look at some of the most common cyber risk myths and debunk them with statistics and examples. Learn more about the way your cyber risks myths have evolved throughout the COVID-19 pandemic in our cyber risk guide.
Myth #1: Data doesn't need to become supported regularly.
When you support your computer data, you produce a copy that can be recovered in the event of a cyber attack. Proper back up storage involves saving your information to some separate system, such as another drive or USB stick.
Only 15 per cent of smaller businesses we surveyed had implemented preventative IT and employee training.
If your business falls victim to ransomware, which locks you out of your data,= the hackers responsible may attempt to ransom it back. Should you happened to back up all of your information each day before the cyber attack, your company could be in a better position to recuperate.
However, if you last performed a backup one month ago, there's a greater chance that you'll be locked out of important data, which makes it more difficult for the business to resume operations. Ideally, your backed-up data is recent enough you don't even need to pay the ransom to get your locked data back. Instead, you can just proceed together with your backup version.
Myth #2: Customer data only needs to be protected if it's related to financial information.
Most cyber breaches involve accessing and stealing data that's vulnerable and exposed, whether they're files, documents, or any other sensitive information. This may be your information or your customers. Examples of kinds of data that could be stolen from you include:
- Financial information, such as credit card or bank details
- Confidential business information, for example login credentials and passwords
- Personal health records, for example medication requirements
- Sensitive personal information, for example addresses and phone numbers
- Intellectual property, for example copyrighted materials, patents, and trademarks
Even though businesses may be more prone to protect customer data of a financial nature, the reality is that all customer data is worth protecting equally. This is because hackers along with other criminals don't need financial information to seriously damage a person's finances.
Most cyber breaches involve accessing and stealing data that's vulnerable and exposed, whether they're files, documents, or other sensitive information.
If a cybercriminal obtains charge card information, just how long is their window of opportunity for doing things for illegal activity? Although it could take a month or two for customers and firms to understand a card was compromised, the credit card can be cancelled quickly. However, what if that very same hacker could access names, emails, and residential addresses, then checked online sources for example social media sites to collect enough private information to commit id theft? That kind of crime may take victims years to recover from.
Scenarios such as the one above highlight some of the reasons that companies have been hit with class-action lawsuits after their data was breached, even though no compromised information was finance related.
Myth #3: A class-action lawsuit may be the biggest risk to a business whose customer information continues to be hacked.
If your customer data gets leaked towards the public and also the customers impacted decide to not file a category action suit, does that mean the company is in the clear? The solution, unfortunately, is absolutely not.
Cyber attacks, even without class action or any other lawsuits, can severely damage a company's reputation. Existing and prospective customers may distance themselves from the hacked business as a precaution. Enlisting reputation-management professionals to handle crisis could be a significant cost. Recovering your compromised data from the cyber criminals and restoring it to your systems isn't something you'll want to do alone, and will require the aid of IT professionals. Since it might take some time to get your business back up and going after a cyberattack, the amount of potential revenue lost during that process can quickly accumulate.
In short, lawsuits really are a risk to companies that already went through a a cyber attack however they aren't necessarily the only one, as other risks can be quite problematic as well.
Only 11 per cent of small to medium sized businesses have purchased cyber risk or data breach insurance.
Myth #4: A company that stores electronic data isn't best with cyber insurance.
Many small businesses believe they don't need cyber risk or data breach insurance, or they haven't thought about purchasing this coverage.
The reason cyber insurance is worth considering and becoming is because it can help a company each and every scenario mentioned above. Should you forget to support your computer data or have your data stolen, insurance can help you recover and get to business as soon as possible. If you want to employ a reputation-management professional after your company gets hacked, insurance can help you cover the expense. If you cannot operate whilst getting your business support and running carrying out a cyberattack, business interruption insurance could be as part of your policy. Even if you wind up facing litigation as a result of your customer data being leaked, insurance can sort out the legal fees.
Protect your company with a tailored cyber risk insurance policy
The the truth is that any company, no matter their size or resources, could be the victim of a cyber attack. We can function with you to make sure your policy addresses your cyber risks. Visit our cyber risk and data breach coverage page to get going!