The Importance of Cyber SecurityE
very year marks another “worst year ever” for cyber attacks around the world, and Canadian companies haven’t been immune to those hacks.
Globally, the number of cyberattacks doubled in 2017 according to the Online Trust Alliance (OTA), a subsidiary of the Internet Society, a decades-old global non-profit that promotes the open development, evolution, and use of the Internet.
Organizations of all sizes, in virtually every industry on earth, were hit by cyberattacks. From shipping giant Maersk, to the ride sharing giant Uber, all the way to Equifax, a credit rating agency regarded as one of the largest holders of private customer data in the world.
In Canada alone, Statistics Canada revealed that Canadian businesses had spent $14 billion on cybersecurity in 2017, and more than one in five Canadian companies say they were hit by a cyberattack that year.
The stats have shown that the larger the business, the more susceptible they are to an attack.
Companies with 250 or more employees were revealed to be more than two times more likely to be targeted for an attack as companies between 10 and 49 employees.
Of course, the bigger the company, the greater the cost of downtime caused by an attack. Considering that that average downtime per company was estimated to be 23 hours in 2017, the monetary cost of each inoperable hour could be devastating.
In fact, IBM recently estimated that the average financial impact of a data breach is about $3.8 million, but for companies at the enterprise level with at least a thousand employees, it can reach 10x or even over 100x that number.
Although the monetary cost of a data breach is a significant problem, the effect on the brand is a whole other story. That’s especially true in sensitive industries where an attack can shake customer faith in brands and entire market segments.
Banking, for example, experienced a large impact from the first attacks to ever hit Canadian financial institutions. In 2017, the Bank of Montreal and Canadian Imperial Bank of Commerce lost the data of nearly 90,000 customers to hackers.
The story swept across Canadian news media and painted a dark picture of the banking industry’s ability to deal with cyberattacks now and in the future. With threats, risks and customer awareness of the problem growing daily, it’s no wonder companies are now scrambling for insurance that hedges against the potential catastrophic effects of a cyberattack.
Still, even with these facts, a recent study found that 84 per cent of Canadian executives believe their organization was “better than average” or a “top performer” when it came to cybersecurity matters.
Of course, both things can’t be true. 1 in 5 companies cannot be getting attacked online, and still have 85% companies performing ‘better than average’ or even at the top of the pile. The reality is that many executives just don’t understand what they’re up against.
For that reason, insurance companies like Chubb, the world’s largest publicly traded property and casualty insurance company, are becoming more than just a partner to turn to when things go wrong. Instead, they are preemptively building better ways for their clients to prepare for and ultimately deal with the potentially existential threat.
For Chubb, tools like their Cyber Index, provide companies with real time access to proprietary data and gives them insight into current cyber threats, with the goal of helping to protect those companies against an attack.
Even before that becomes necessary, Chubb is helping companies to proactively defend against cyberattacks, rather than sit back and simply clean up after the fact. That’s why they’re doing things like developing secure password management systems for client partners and even training employees to identify potential cyber threats, protect sensitive data, and escalate issues to the right people when appropriate.
That’s all part of the modern cybersecurity insurance offering because in the world of cyber, the most innocent actions can be devastating. Even an everyday occurrence as harmless as an employee clicking a link in an email could actually open the doors to a complex phishing attack disguised as a bank notification. In the modern online world, danger is literally lurking in every email, and unless your employees know what to look for, their actions can set off catastrophic effects.
The good news is that it’s estimated that 93% of all breaches can be avoided if simple steps are taken. That’s why the preemptive programs introduced by Chubb are so critical to avoiding massive problems down the road.
From regularly updating software, training employees on the ins and outs of email phishing campaigns, and implementing two-factor and email authentication, there are many effective ways of preventing cyberattacks, and all it takes to start is the realization that no company, or nation, is immune to hacking.