For one thing, technology is an inescapable reality of every business. Even the smallest of mom and pop shops have an electronic system to make credit card transactions, while larger corporations rely on immense data centers to safeguard thousands to millions of personal records. As technology continues to permeate throughout the business world, managing cybersecurity risk is at the top of the list.
But what are the risks associated with cybersecurity and what impact do they have on the average business?
There are of course risks like system downtime, human error, and other business continuity concerns that can cause a costly domino effect on other parts of the business. There is also the risk of regulatory non-compliance which can result in lofty financial damages. But what about the less tangible effects of IT disruption and data compromise, such as reputational damage?
According to a study by PwC, 60% of consumers hold the companies who collect their data wholly responsible for its protection. 87% of consumers say they will take their business elsewhere if they don’t believe a company is handling their data responsibly. These statistics show that the public’s expectation for data protection is extremely high. Therefore, there is a large potential for reputational fallout.
Advances in technology have not only increased cybersecurity risks, but have connected consumers, investors, and regulators – the three constituents that stand to greatly impact a business. Consumers have leveraged social media and fast-paced news outlets to make their expectations clear. Investors can now be immediate witnesses to consumer outrage when expectations are not met, which in turn affects their behavior. Regulators and law makers, while not as quick to react to scandal, are also on the watch and are ready to protect their citizens’ rights, as we can see with the European Union’s GDPR regulation.
The following infographic provides more facts and figures on the current state of cybersecurity risk:
Although the facts and figures surrounding cybersecurity risk are daunting, there is good news. We believe 100% of cyber attacks are entirely preventable with an effective risk management program and infrastructure.
Here are some steps your company can take to get ahead of cybersecurity risk:
1. Ensure off-site backups are up to date
Backing up data with off-site servers is widely considered a best practice. Every organization and industry must determine the optimal frequency and scope of data backups, which depends on the type of information being handled.
Studies have shown that anywhere from 10-15% of critical organizational data – scheduled for backups – is not actually backed up due to preventable, operational errors. Without backup verification, ransomware attacks can have an enormous impact on business continuity.
2. Implement patches and virus scan software updates as they’re released
Employees around the world are using computers that simply need to be updated. Your security team likely assesses and approves patches and updates on a regular basis. However, are implementations regularly verified? As many as 30% of patches fail to deploy. Without governance (in this case, regular reviews of actual patch deployment), you might have an inaccurate understanding of which vulnerabilities are covered.
3. Manage passwords and access rights
Most organizations have internal password policies, but not an efficient way to operationalize them. Automated governance tasks – such as monitoring the percentage of employees maintaining access rights policies – is an essential to staying ahead of cybersecurity risk.
Without regular monitoring, the evolution of employee roles and organizational structure can lead to unnecessarily high risk exposure. The technology to accomplish this step exists at most every organization. Usually, the missing component is effective governance in the form of recurring risk assessments and control monitoring.
Taking these simple steps will put your company at a huge advantage. It’s often the case that hackers aren’t trying to spend inordinate amounts of time and energy to break into a secure system; they’re looking for the lowest hanging fruit. When it comes to cybersecurity, you don’t have to outrun the bear.
While cybersecurity is and will continue to be top of mind for companies and consumers alike, risk managers should take comfort in the fact that there is a solution. Better yet, the solution doesn’t entail huge investments in technology; rather, all it requires is good governance and a proactive mindset.