Financial Poise

The Threat of Cybercrime for Small and Midsize Business

For the Threat of Cybercrime, Get a Cyber Liability Policy

Cybercrime is an umbrella term for any criminal activity that uses or targets a computer. The threat of cybercrime can take many forms—from hijacking sensitive robotics to holding consumer data at ransom—and the impact on your operation (and reputation) can be crippling.

If cybercrime were a nation state, it is predicted that it would be the world’s third-largest economy by GDP in 2021, just after the US and China.

To better understand how big the threat of cybercrime is becoming, consider these statistics:

  • Cybersecurity Ventures predicts that a ransomware attack will occur on businesses every 11 seconds by the end of 2021 and reach damages of $10.5 trillion USD annually by 2025.
  • More than half of small to midsize businesses are victims of cyberattacks, and 60% of them go out of business within six months of a data breach or hack.
  • On average, only 5% of companies’ folders are properly protected, according to a global data risk report by Varonis.

And with remote work becoming more normalized, there are additional cybersecurity threats to small businesses. Alissa Abdullah, the former deputy CIO under the Obama administration, tells MIT’s Sloan School of Management: “Hackers have also started attacking collaboration platforms—a data breach affected more than 500,000 Zoom users in April [of 2020]. The pandemic and shifting to remote work ‘has changed the adversary’s opportunities, and shifted their focus on some of the other tools that we’re using.’”

What Kinds of Cybercrime Exist?

You’ve probably heard of or seen the obvious emails asking for highly personal information, often targeting the elderly and vulnerable. You’ve probably also heard of typical identity theft or insurance fraud. But cybercrime against small businesses can be much harder to detect and prevent. What kinds of cybercrime exist?

Here are a few examples.

  • Phishing—Usually delivered by email, a phishing message gives the recipient a link or an attachment that can compromise their computer and their data. Hackers will go so far as to use legitimate company logos or fake email addresses.
  • Fraud—Just as a hacker can hack your personal account or credit card information and make charges on your behalf, a hacker can do the same to your business, using either your personal data or your customers’ information.
  • DDoS Attack—This form of cybercrime bombards an online site with fake traffic in order to take down the network and gain access to valuable information.
  • Ransomware—A type of malware, ransomware encrypts data on a computer and demands “ransom” in order to unlock the device.

As technology advances, so do forms of cybercrime. Even cryptojacking, where hackers mine cryptocurrency using someone else’s computer, is possible.

You’re Never Too Small for the Threat of Cybercrime

While Fortune 500 companies have the resources to stay ahead of cybercrime, small to midsize businesses are often woefully behind in cybersecurity practices, making them easy targets for criminals.

Has your current insurance agent tried to sell you cyber liability insurance (shame on them if they haven’t)? Did you say, “We’re all good. Our IT people have us covered?” While your IT team may be great at what they do, the likelihood they are truly protecting you from the threat of cybercrime is slim.

Think you’re not a target? In the global cybercrime game, the scale of your business is less important than your data (and how easy it is to get it). So, while you may feel off-the-radar given your size, if your data is critical to running your business, you’re already a target.

For example, if your website supports claims that your company is an industry leader, everyone will know you’re killing it, including the hackers. Your website is inadvertently telling hackers you’ve got money that belongs in their pocket.

If you think running cold backups (the best tape protocol), having off-site redundancy, firewalls and anti-virus software makes you impenetrable to cybercrime, then you’re wrong.

The hackers just didn’t get anything worth stealing, or your IT guys thwarted the attack.

Ransomware: The Proverbial Trojan Horse

Let’s talk about ransomware, the most common threat of cybercrime.

Consider this scenario:

Let’s pretend someone in accounting gets an invoice from a customer with a complaint. They click and open the invoice. It’s not even your company’s invoice, so they delete it. No harm, no foul. All is still good.

However, the Trojan Horse is now within city walls. Just as the Greek warriors lay waiting patiently, today’s hackers have similar patience. They wait and watch. They learn your backup systems and protocols and wait some more. Then the blue screen of death scrolls across all your computers with the message, “Pay $XX,XXX in the next 24 hours to get your data back or the price will multiply and continue to do so every 24 hours.”

No problem. Your IT people go to the redundancy, but it’s infected. No need to panic. They go to the tapes. But the tape is infected. So, they go back a few days, but that copy is also infected. The hacker has infected backups for up to three weeks.

Now, you face the dilemma: pay the ransom to restore three weeks of lost data, or cease operations to recreate the weeks’ worth of lost data. The costs of either option are often debilitating. In many cases, it’s enough to put the company out of business.

Cyber Liability Insurance: A Defense Better than the NFL

Even the greatest NFL defensive lines of all time let some get through. They can’t buy insurance to protect against those scores, but you can. A cyber liability policy can cover:

  • Lost revenues
  • Cost for an all-out data reconstruction effort
  • Bodily injury (think of robots being hacked)
  • Ransomware payoff

The good news is, the more you’re doing up front to protect your data and systems from the threat of cybercrime, the less you’ll pay to have this line of defense against the third-largest economy!

[Editors’ Note: To learn more about this and related topics, you may want to attend the following webinars: Introduction to US Privacy and Data Security: Regulations and Requirements and Data Breach Response: Before and After the Breach. This is an updated version of an article originally published on August 22, 2018.]

© All Rights Reserved. May, 2021. DailyDAC™, LLC d/b/a Financial Poise™

About Gary Kirshenbaum

Gary is a Vice President of Alper Services, an Alera Group company, and the Director of the Alper Global Trade Risk Management Division (AGT). Under his guidance, AGT provides companies the ability to strategically manage their commercial trade risk, both domestic and export, as well as mitigating political risk involving international business investments. Risk Management…
