According to the 2018 Traveler’s Risk Index, the percentage of businesses that have been the victim of a cyberattack has doubled… and most businesses aren’t even remotely ready.
Unless you’ve been hiding under a rock, you’ve been hearing about the massive increases in various cyberattacks such as phishing and targeted attacks. The latest detail from the fine folks at Traveler’s Insurance shows a mismatched correlation between the increase in experienced cyberattacks, the assumption of pending attacks, and the ability to respond.
According to the Risk Index, 1 in 5 businesses have suffered a data breach of cyberattack. That’s double the number from 2015. Add to that the fact that over half of businesses (52%) believe it’s inevitable that they will become a victim of a cybercrime.
OK… so 20% have experienced an attack and half think it’s definitely going to happen. This would leave you to believe that organizations are ready for attack then, right?
Consider these stats from the Risk Index:
- Over half (55%) of businesses haven’t completed a cyber risk assessment
- Nearly two-thirds (62%) have no written business continuity plan
- Nearly two-thirds (63%) have not assessed the security vendors that have access to company data
- Half (50%) have no cyber insurance
At a minimum, half of all businesses surveyed are not prepared for an attack.
What’s needed – in addition to the steps implied in the data points above – is to establish a layered security strategy that addresses the common touchpoints for most cyber attacks:
- The Perimeter – the logical one, that is. Email and web access are today’s logical perimeter. Protecting employee interaction with both will lower the risk of successful attack.
- The User – Every phishing scam requires a user to intervene. Providing users with Security Awareness Training helps to lessen the likelihood they will fall for social engineering scams, phishing attacks, and other kinds of cyber attacks.
- The Endpoint – Assuming the previous two security measures fail, having some kind of AV, Endpoint Protection, etc. is best practice to monitor and detect malware.
If the Traveler’s data paints a picture of your company’s security stance, it’s time to do something about it. The 52% that think an attack is inevitable are right – be like them and begin to create your company’s security strategy.