Cyber attack is real and costly threat to small business

By Sean Banks
Business News Daily reports the average costs of a cyber attack on a small business is $38,000 ($10,000 in professional services, $5,000 in lost business opportunities, $23,000 in downtime).  Additionally, $8,000 is spent avoiding a similar future incident, and $8,653 for reputational damage.

A cyber attack is defined as “any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system or the measures taken to achieve this.  And cyber security “the state of being protected against the criminal or unauthorized use of electronic data [ie, a cyber attack].”

While the terms “cyber security” and “cyber attack” may seem matters of concern relegated to only large corporations (e.g., Sony and Target) and governments (Federal Office of Personnel Management), the Verizon 2013 Cyber Crime Survey found that 62% of breaches were targeted at small to medium sized companies, and according to the National Cyber Security Alliance, 60% of those affected will go out of business within 6 months.

Hackers, often correctly, presume fewer safeguards and a misplaced sense of security (“we’re too insignificant to be the target of a cyber attack”) in small to medium sized companies making them attractive for cyber attack, as the statistics of the Verizon report bare out. And the most direct route for hackers to enter a company’s network is through employees.  Examples of the most common means of cyber attacks, via employees, include phishing (“the activity of defrauding an online account holder of financial information by posing as a legitimate company.”), viruses attached to downloads, and open Wi-Fi access.

What can a small to medium size business do to better understand effect cyber security?

Employers, particularly those who are self-professed luddites, need to educate themselves and their employees on technology.

Assess your needs either with the help of a knowledgeable employee (if you don’t have a dedicated tech person), but ideally with a network security professional. Invest in the cyber security measures best for your business.

Create and implement policies and training that address and promote cyber security in the workplace.

Once policies and training are in place, monitor compliance.  Employees are the best situated to timely address threats and breaches in security.

Is your company safe from the financial harm of a cyber attack? Have you considered how you would react to and mitigate the loss from a cyber attack? Ensure your insurance policy can appropriately mitigate loss in the event of a breach.

Cyber security poses a tangible and immediate threat to small and medium sized businesses.  And those business can take meaningful steps to eliminate and mitigate those risks.  If you have any questions about cyber security risk, please contact our Golsan Scruggs team.