Cybersecurity Awareness Month: Risks, Costs, and Protection Strategies

The Cybersecurity and Infrastructure Security Agency (CISA) kicked off the 21^st Cybersecurity Awareness Month on Oct. 1, 2024, and the cyberthreat risks and costs have never been greater to U.S. businesses and individuals.

“As we become ever more dependent on devices and the internet, it’s no surprise that cybercriminals are finding more inventive (and costly) ways to take advantage,” reports USA Today. “According to a Cybersecurity Ventures report, the cost of cybercrime hit $8 trillion in 2023 — translating to over $250,000 per second. The total annual cost is projected to rise to $10.5 trillion by 2025.”

Cybercrime numbers, according to Cybercrime Magazine, can be quite sobering:

• Cybersecurity Ventures estimates that around half of all cyberattacks globally strike small businesses, and it’s been reported in various media outlets over the past decade that 60 percent of small companies go out of business within six months of falling victim to a data breach or cyberattack.
  
  
• 60 percent of small businesses say that cybersecurity threats, including phishing, malware, and ransomware, are a top concern, according to the MetLife & U.S. Chamber of Commerce Small Business Index for Q1 2024. Less than half of small businesses say they are concerned about theft (42 percent), natural disasters (39 percent), or acts of terrorism (37 percent).
  
  
• Roughly one million more people join the internet every day. There were around 6 billion people connected to the internet interacting with data in 2022, up from 5 billion in 2020 — and we predict there will be more than 7.5 billion internet users in 2030. If street crime grows in relation to population growth, so will cybercrime.

Cybercrime: What’s at Risk

Cyberattacks and cybercrimes pose significant risks for businesses of all sizes, including small businesses.

In fact, small businesses are particularly vulnerable to cyberattacks as they often lack robust cybersecurity measures due to limited resources and expertise, so cybercriminals view them as easier targets compared to larger enterprises with more sophisticated defenses.

Unfortunately, many small business owners underestimate their risk, believing hackers only target large companies.

Here are some key risks all businesses face in terms of cyberattacks:

• Data
  • Customer personal information.
  • Financial data.
  • Intellectual property.
  • Employee information.
  • Strategic business plans.

• Financial Assets
  • Direct theft through fraudulent transactions.
  • Ransom payments in case of ransomware attacks.

• Operational Capability
  • System downtime.
  • Disruption of business processes.

• Reputation
  • Loss of customer trust.
  • Negative media coverage.
  • Damage to brand image.

• Legal and Regulatory Standing
  • Non-compliance fines.
  • Lawsuits from affected parties.

• Competitive Advantage
  • Loss of trade secrets.
  • Theft of strategic plans.

Cybercriminals seek to exploit small businesses to gain access to customer credit card records, bank accounts, supplier networks, and employee financial and personal data.

By understanding these risks, small businesses can better prepare themselves and implement appropriate cybersecurity measures to protect their assets, data, and reputation.

Cybercrime: What’s at Stake

The stakes are higher and higher for businesses faced with cybercrimes with cybersecurity incidents at SMBs costing anywhere from $800 to $650,000. For many small businesses, a cyberattack has the potential to put them out of business.

The costs of a cyberattack can include:

• Direct Financial Losses: In 2020 alone, there were over 700,000 attacks against small businesses, totaling $2.8 billion in damages. For large corporations, costs can run into hundreds of millions per incident.
• Operational Downtime: Average cost per minute of downtime: $5,600 (Gartner). Almost half of SMBs reported that it took 24 hours or longer to recover from an attack and that their website was down between 8 and 24 hours. Statista reports that ransomware attacks can interrupt business for an average of 24 days.
• Ransom Payments: Some payments have exceeded a staggering $10 million! According to Varonis, the average ransom in 2024 is $2.73 million, almost an increase of $1 million from 2023.
• Regulatory Fines: Regulatory fines for cyber attacks vary depending on the law and severity of the breach. HIPAA fines can range from $50 to $50,000 per violation with a maximum annual fine of $1.5 million. Gramm-Leach-Bliley Act (GLBA) can access fines of up to $100,000 per violation with officers and directors also facing personal fines of up $10,000, as well as up to 5 years in prison. FTC fines can be up to $40,000 per violation.
• Legal Costs: Legal costs can include lawsuits from affected customers or partners as well as legal fees for navigating regulatory investigations.
• Cybersecurity Improvements: Costs to improve security infrastructure and ongoing expenses for enhanced security measures must be included in your cybercrime accounting.
• Public Relations and Crisis Management: Some companies may have costs associated with managing public perception and mitigating reputational damage>
• Loss of Business and Long-Term Brand Damage: Potential loss of customers due to eroded trust. Varonis reports that some 60 percent of those surveyed experienced revenue loss, and more than half stated their brands were damaged as a result.
• Insurance Premium Increases: Cyber insurance premiums can significantly increase after an attack.

Of course, not having cyber insurance coverage can be a fatal blow for many small businesses.

What is Cyber Insurance

Cyber insurance, also known as cyber liability insurance or cyber risk insurance, is a type of insurance product designed to mitigate risk exposure for businesses by offsetting costs involved with recovery after a cyber-attack, security breach, or similar event.

As cyber attacks are becoming more sophisticated and frequent, cyber insurance can help cover the cost associated with data breaches and cyber-attacks.

Many industries require specific levels of cyber protection and in those that do not, having cyber insurance can demonstrate a commitment to protecting customer data and help maintain your business's reputation in the event of a breach.

Cyber insurance typically covers:

• Data breach expenses.
• Business interruption losses.
• Cyber extortion and ransomware payments.
• Legal fees and expenses.
• Public relations expenses.
• Data recovery and system restoration.
• Liability coverage.

In today's cybercrime landscape, cyber insurance is no longer a luxury – it’s a necessity for businesses of all sizes.

While it doesn't replace robust cybersecurity measures, it provides a crucial safety net in the event of a cyber incident.

As cyber threats continue to evolve and intensify, having comprehensive cyber insurance can mean the difference between a manageable setback and a catastrophic loss for a business.

Contact Dean & Draper today for a free risk assessment that can include the proper cyber insurance to keep your business covered.

The recommendation(s), advice, and contents of this material are provided for informational purposes only and do not purport to address every possible legal obligation, hazard, code violation, loss potential, or exception to good practice. Dean & Draper Insurance Agency specifically disclaims any warranty or representation that acceptance of any recommendations or advice contained herein will make any premises, property, or operation safe or in compliance with any law or regulation. Under no circumstances should this material or your acceptance of any recommendations or advice contained herein be construed as establishing the existence or availability of any insurance coverage with Dean & Draper Insurance Agency. By providing this information to you, Dean & Draper Insurance Agency does not assume (and specifically disclaims) any duty, undertaking, or responsibility to you.  The decision to accept or implement any recommendation(s) or advice contained in this material must be made by you.