If you are a small business owner, you might think your company is an unlikely target for a cyber-attack. After all, few criminals will bother attacking a little firm like yours when they can go after a big bank or insurance company, right? Unfortunately, the answer is no. Criminals attack small business more often than you might think.
The most worrying part of that statement, is the fact that a very small number of companies are prepared for an attack of this magnitude against their firm. But it is not the fault of small business owners that this is the case. Cyber-attacks against big companies are well publicized by the news media, while attacks against small firms generate little attention. This can give small businesses a false sense of security. Yet, small firms are generally more vulnerable than large ones because they have fewer resources to devote to security. Thieves often take the path of least resistance, and small companies' systems are often easier to penetrate than those of large firms.
Types of Attacks:
A cyber-attack may involve a hacker, a virus, malware, phishing or other activity on your computer system. Attacks can come from inside or outside your company. Inside attacks are often perpetrated by unscrupulous employees. Outside attacks may be committed by criminals located almost anywhere in the world, or sometimes even corporate spies.
A cyber-attack can be devastating because a single event can impact a business in many ways.
Loss or Damage to Electronic Data: A cyber-attack can damage electronic data stored on your computers. For example, a virus damages your sales records, rendering them unusable. Recreating them is a time consuming process that involves sifting through old invoices.
Extra Expenses: A cyber-attack may cause you to incur extra expenses to keep your business operating. For instance, a hacker damages two of your computers, forcing you to buy two new laptops so you can keep your business.
Loss of Income: An attack may also cause a loss of income. For instance, a denial of service attack makes your computer system unavailable to customers for two days. You are forced to shut down your business during that period, and your customers go to your competitors. The two-day shutdown causes you to lose income.
Network Security and Privacy Lawsuits: A cyber thief may steal data stored on your computer system that belongs to customers, suppliers and other parties. These parties may sue your firm. For example, if you are in the legal field, a hacker steals information about a customer's upcoming merger. The merger falls through due to the data theft. The customer sues you for failure to protect its data, alleging that your negligence caused the company to incur a financial loss.
Extortion Losses: A hacker steals sensitive data (yours or someone else's) and then threatens to post it on the internet or simply restrict you from accessing it, unless you pay him a R10000 ransom. Alternatively, you accidentally download ransom ware by opening infected email. The malware encrypts your data, rendering it unusable. The perpetrator then demands a ransom payment in exchange for an electronic key that allows you to "unlock" the encrypted files.
Damage to Your Reputation: A cyber-attack can seriously damage your company’s reputation. Potential customers may avoid doing business with you, believing you are careless, your internal controls are weak or that an association with you will damage their reputation.
Risks of Using the Internet
Like many small businesses, your firm probably uses the internet. Perhaps you maintain a company website that you use to advertise products or educate potential clients about your industry. Maybe you sell products or offer a service that customers can purchase online. Any of these activities can generate cyber risks.
Information you post on the internet may be a source of lawsuits against your firm. For instance, a competitor alleges that you damaged the name of his company in an ad you posted online. Alternatively, an industry rival claims that you infringed on his firm's copyright, trademark or other intellectual property right.
Little Coverage under Insurance Policies
Most standard property and liability policies provide minimal, if any, coverage for the types of risks described above. A major problem with commercial insurance policies is that they exclude electronic data under the definition of covered property. While they may provide a small amount of coverage for damage to data caused by viruses and other perils, they do not generally cover losses involving hacking or extortion.
General liability insurance policies mainly cover claims alleging bodily injury or property damage. Most cyber-attacks do not result in bodily injury or property damage, as these terms are defined in the policy. In addition, liability policies contain exclusions that eliminate coverage for many potential cyber claims. For example, Coverage A (Bodily Injury and Property Damage Liability) excludes damage to electronic data. Coverage B (Personal and Advertising Injury) excludes infringement of copyright, patent, trademark or trade secret.
As you can see, relying on standard insurance policies as your main source of protection against cyber-attacks is a bad idea. Therefore it may be a worthwhile idea to speak to your insurance companies and also your IT departments/consultants on coverage and protection of cyber-attacks. It may not happen to you or your company at any point, but if it does, it’s always best to be prepared for it.
Contact us today for suggestions of the products that would work best to protect your business .