Would you recognize a cyber attack if it happened at your company?
One company became a victim when a cyber criminal infected it with a ransomware virus, taking its servers hostage and holding them for ransom. Another was attacked by an organized gang of cyber criminals that planned a complex social engineering scheme to steal customer credit card information by impersonating a third-party vendor and installing malware.
Such attacks are becoming more common and can potentially cripple a company’s work and reputation — forcing it to pay hundreds to thousands of dollars. More than 20 percent of cyber attack victims spent at least $50,000 and took longer than six months to recover, according to Nationwide’s third annual survey of business owners. But 7 percent spent more than $100,000, and 5 percent took a year or longer to rebuild their reputation and customer trust.
“Cyberattacks are one of the greatest threats to the modern company,” said Mark Berven, president of Property & Casualty for Nationwide. “Business owners are telling us that cybercriminals aren’t just attacking large corporations on Wall Street. They’re also targeting smaller companies on Main Street that often have fewer defense mechanisms in place, less available capital to re-invest in new systems and less name recognition to rebuild a damaged reputation.”
Nationwide’s survey found that 13 percent of business owners said they experienced a cyber attack. However, that number jumped to 58 percent total when owners were shown a list of attacks (see infographic) revealing a 45 percent gap and lack of understanding about what constitutes an actual attack.
Part of the problem facing a business’ ability to recover from an attack is that a majority of owners are not prepared. In fact, 57 percent of owners do not have a dedicated employee or vendor monitoring for cyberattacks — and therefore, could be victims without even knowing it.
Further, most don’t have a cyber attack response plan in place (76 percent), a plan in place to protect employee data (57 percent), or a plan to protect customer data (54 percent). Threats continue to grow as more companies are now frequently using new technologies such as the Internet of Things (37 percent) and Artificial Intelligence (24 percent) in a potentially unprotected environment.
While the vast majority of business owners say it’s important to establish cyber security best practices recommended by the U.S. Small Business Administration, fewer report actually following those best practices:
- Protect against viruses, spyware and other malicious code: 85 percent versus 65 percent
- Secure your networks: 85 percent versus 58 percent
- Make backup copies of important business data and information: 85 percent versus 59 percent
- Establish security practices and policies to protect sensitive information: 83 percent versus 50 percent
- Control physical access to computers and network components: 81 percent versus 60 percent
- Require employees to use strong passwords and to change them often: 80 percent versus 52 percent
- Educate employees about cyber threats and hold them accountable: 76 percent versus 42 percent
- Protect all pages on public-facing websites, not just the checkout and sign-up pages: 74 percent versus 42 percent
- Employ best practices on payment cards: 73 percent versus 47 percent
- Create a mobile device action plan: 64 percent versus 26 percent
To learn more, visit Nationwide’s blog page or take the cyber insurance quiz. You can also access more tips and resources from the U.S. Department of Homeland Security during National Cyber Security Awareness Month.