Cybercrimes are inevitable, businesses must prepare

In June of this year, JBS, the largest meat processing company, was forced to temporarily halt production in nine of its US beef processing facilities – disrupting its operations and causing an interruption in its global supply chain. The cause – a cyberattack on its servers. To restore its operations, JBS was coerced to pay the equivalent of $11m in ransom.

This is just one example of many businesses that in the past year faced serious interruptions in operations. The increasing number of professional and personal digital transactions in the pandemic has led to a spike in cyberattacks and crimes.

Across industries, cloud technology, Internet of Things (IoT) devices, and virtual servers are opening up new avenues of security breaches for businesses today. As cybercriminals continue to conduct more sophisticated criminal activities, it is triggering questions about how equipped, and prepared companies are to stop a cyber-attack. Many organisations are even lacking in ‘cyber-safe remote working environments.

Cybersecurity company, CheckPoint, examined cyberattacks in their latest Mobile Security Report 2021. An estimated 40 per cent of all mobile devices are prone to cyberattacks, many of which are used for business and personal purposes. At least one employee in 46 per cent of the companies reportedly downloaded a malicious application on their phone.

The digital landscape continues to evolve every day, instigating cybercriminals to change their strategies regularly. Financial costs of data breaches over the last few years have also been increasing steadily.

Cybersecurity today is no longer just the concern of IT teams but the business overall. Company leaders collectively need a deeper understanding of the associated cyber exposures and risks to their business. Management and boards must have broader discussions on the future of the business in a rapidly evolving digital ecosystem. Conversations, for example, around mitigating the financial and operational consequences of exposure to a ransomware attack in a business that handles sensitive financial data should be on the agenda of every leadership meeting.

When it comes to business, there are various aspects through which risk could be managed. A business can succumb to a cyberattack through various sources and not necessarily from their internal systems and breaches alone. For example, the third-party service provider has a breach because of which the business cannot operate. Recently, some retailers had to shut down because their service provider was hacked, and they could not open their cash and till boxes, which affected sales and returns. Therefore, the following are very critical for businesses to manage cyber risks:

1) Creating internal awareness within the organisation, so employees are conscious of the impact cyberattacks can have on the business
2) Ensuring the third-party service providers used by the company have robust internal systems.
3) Multiple Factor Authentication (MFA) for all business applications & devices is a must these days. Mere passwords are not good enough to protect systems, and insurers are also increasingly seeking details of MFA within organisations
4) Ensuring business software are authentic versions and updated. At times, businesses cut corners to save a few thousand dollars, but these pirated systems can cause a massive cyber breach
5) Strong internal controls, firewalls, updated software etc

As businesses become more and more reliant on technology, cybersecurity insurance is now vital for business continuity. Investments in robust security infrastructure in the face of data breaches, leaks, or ransomware attacks are only the first defence level. Today businesses need a second line of defence when the threat is ubiquitous but hidden. Cyber insurance offers a lifeline for businesses to cover unexpected cyber liability costs and even material damages caused by cybercrimes or interrupted operations, as in the case of JBS.

Today, cyber insurance is just as essential to a business as health insurance is to individuals and their families.

Rohit is the director, head of P&C – SIACI Insurance Brokers