Financial Poise
threat of cybercrime

The Real and Rising Threat of Cybercrime for Small and Mid-Sized Businesses

For the Threat of Cybercrime, Get a Cyber Liability Policy

If cybercrime were a nation state, it would be the world’s 13th-largest by GDP, just ahead of Australia. The threat of cybercrime can take many forms – from hijacking sensitive robotics to holding consumer data at ransom – and the impact to your operation (and reputation) can be crippling.

To better understand how big the threat of cybercrime is becoming, consider these statistics:

  • In 2015, the cost of global ransomware, one of the fastest-growing pieces of cybercrime, was $325 million

NOTE: By 2017, this number had multiplied to $5 billion. By 2020, it will more than double to $12 billion

  • In 2017, the WannaCry ransomware worm held companies – large and small – to, in many cases, more than $100,000 in ransom
  • More than 4,000 ransomware attacks happen daily – or once every 22 seconds

NOTE: By 2020 a ransomware attack will happen every 14 seconds

  • According to Microsoft, 20% of small to mid-sized businesses have been cybercrime targets

You’re Never Too Small for the Threat of Cybercrime

While Fortune 500 companies have the resources to stay ahead of cybercrime, small to mid-size businesses are often woefully behind in cybersecurity practices and are increasingly easy targets for criminals.

Has your current insurance agent tried to sell you Cyber Liability Insurance (shame on them if they haven’t)? Did you say, “We’re all good. Our IT people have us covered”? While your IT team may be great at IT, the likelihood they are truly protecting you from the threat of cybercrime is slim.

Think you’re not a target? In the global cybercrime game, the scale of your business is less important than your data (and how easy it is to get it). So, while you may feel “off the radar” given your size, if your data is critical to running your business, you’re likely already a target.

[Editors’ Note: If you’re on a Board of Directors, read about specific cybersecurity measures you should be taking in “Cybersecurity Challenges for Boards of Directors”]

For example, let’s say your professionally done website, which supports claims of your company being the industry leader, lets everyone know you’re killing it, including the hackers. Your awesome website tells them you’ve got money that belongs in their pocket.

think you’re not a target? In the global cybercrime game, the scale of your business is less important than your data (and how easy it is to get it). Click To Tweet

You run cold backups (the best tape protocol) and have off-site redundancy, firewalls, anti-____ software. You’re impenetrable to the threat of cybercrime.

Not really. It’s already happened. If you think it hasn’t, you’re wrong. The hackers just didn’t get to anything worth stealing, or your IT guys did their job and thwarted the attack.

The Proverbial Trojan Horse

Let’s talk ransomware, the most common threat of cybercrime. Consider this scenario:

Let’s pretend someone in accounting gets an invoice from a customer with a complaint, they “click” and open the invoice. It’s not even your company’s invoice, so they delete it. No harm, no foul. All is still good.

However, the Trojan Horse is now within city walls. Just as the Greek warriors lay waiting patiently, today’s hackers have similar patience. They wait and watch. They learn your backup systems and protocols. They wait some more. Then the “blue screen of death” scrolls across all your computers with the message, pay $XX,XXX in the next 24 hours to get your data back or the price will multiply and continue to do so every 24 hours.”

Now, you face the dilemma – pay the ransom to restore 3 weeks of lost data, or cease operations to recreate the lost 3 weeks of data.

No problem – your IT people go to the redundancy, but it’s infected. No need to panic, they go to the tapes. They go back 1 day, but the tape is infected. So they go back a few days, yet that copy is also infected. The hacker has infected back-ups for 3 weeks.

Now, you face the dilemma – pay the ransom to restore 3 weeks of lost data, or cease operations to recreate the lost 3 weeks of data. The costs of either option are often debilitating. In too many cases, it’s enough to put the company out of business.

Mark Anderson of the IT company, Anderson Technologies, says on the subject, “All it takes is one wrong click from an employee to compromise your entire system. Teach everyone to think twice before opening an attachment or clicking a URL, even if it appears to be from someone they trust.”

Defense Better than the NFL

Even the greatest NFL defensive lines of all time let some get through. They can’t buy insurance to protect against those scores, but you can. A Cyber Liability Policy can give you the coverage on:

  • Lost revenues
  • Cost for an all-out data reconstruction effort
  • Bodily injury (think of robots being hacked)
  • Ransomware payoff

The good news is, the more you’re doing up front to protect your data and systems from the threat of cybercrime, the less you’ll pay to have this line of defense against the 13th-largest economy!

[Editor’s Note: For more on cybersecurity, read “How to Protect Your Password: 4 Tips”]

About Gary Kirshenbaum

Gary Kirshenbaum is the Director of the Global Trade Risk Management division (AGT) and a Vice President at Alper Services. Under his guidance, AGT provides companies the ability to strategically manage their commercial trade risk, both domestic and export, as well as to mitigate political risk involving international business investments. Alper Services is a Chicago-based…

Read Full Bio »   •   View all articles by Gary »

Article Comments