Over the last decade, the importance of data security has become glaringly obvious. The data that your business collects, whether internally or around customers, is now an incredibly valuable resource. The value of data isn’t exclusive to the businesses that create said data, however, and there are those in the world that are more than ready to try and acquire your data to use as they wish. While data security breaches are obviously detrimental to a business’s bottom line, the damage that a serious data leak can have on a company goes far beyond the initial financial losses.
Ways Companies Are Compromised
While Hollywood movies would have you believe that the majority of cyberattacks are committed by a lone-wolf hacker with a genius-level IQ who is able to bypass any form of cybersecurity, often the truth is more mundane. While ransomware and supply chain attacks that install malware on a company’s systems in order to access or hold data hostage are a current reality, many malicious cybersecurity threats are not so precisely implemented.
A business is just as likely to have their cybersecurity circumvented by someone employing simple social engineering tactics as they are by more malicious software. For example, employees within a company can be easily fooled through social manipulation, such as someone posing as the CEO and sending an email urging the employee to change their password to something predetermined by the email, potentially offering the scammer access to a business’s systems. This can go easily unnoticed by the employee as the email address used by the impersonator usually looks almost identical to the email addresses of their employers.
Other methods include phishing, which can also fool anyone within a company into clicking on malicious links from what appears to be an authentic website or email, or even simple password guessing on the part of the would-be hacker can be enough to cause serious damage. Cybersecurity threats can also not be immediately apparent, such as if a hacker has installed keystroke recording software onto your company’s computer, gaining access to sensitive information like passwords and account numbers over time.
The Real Cost of a Data Breach
From 2013 to 2014, Yahoo experienced the largest data breach of the 21st century with 3 billion user accounts being compromised. This massive data breach, which compromised users’ passwords, birthdates, real names, and email addresses, ended up reducing the sale price of Yahoo by over a quarter of a billion dollars. While there are usually significant monetary losses associated with cybersecurity breaches, the bigger issue lies in the hit to public and customer confidence.
The biggest issue with Yahoo’s data breach, other than the breach itself, is the fact that the company did not disclose that its users’ personal information had been compromised until 2016. One of the very first things that a company should do if they are hacked is to inform users of the extent of the situation so that they can take appropriate action — especially if personal information was taken that could lead to identity theft of similar repercussions.
Yahoo’s overall company value obviously suffered from the breach, on top of taking a major hit to their public image. While companies can be damaged by scandals even if they handle everything appropriately, not following proper procedure after a breach loses the overall confidence of not only consumers, but also current and potential employees. This damage is largely mitigated by companies that implement cyber insurance policies, and while Yahoo is a worst-case example, it goes to show just how negatively a data breach can affect a business.
This breach happened nearly 7 years ago, but do you use any yahoo products today? Do you have a yahoo email address? I’m guessing you probably don’t.
Prevention and Insurance
Many business owners might be wary of cyber insurance, wondering whether they actually need it or if it’s just another expense they may never end up using. Regardless of how likely a business owner assumes an attack on their company will be, cyber insurance works to help with business continuity in the event that a breach does occur, keeping a business operational when it would otherwise be hamstrung by a cybersecurity breach. Cyber insurance does not absolve a company from taking other cybersecurity measures, however, as it is important that a business owner does everything in their power to prevent a breach from occurring in the first place.
Even small businesses can benefit from cyber insurance, perhaps especially so, since smaller businesses are uniquely vulnerable to a hit on their reputation, and might not recover from the damage that a data breach can cause like a bigger company with more assets. Large or small, businesses should approach obtaining cyber insurance as they would any other insurance policy that helps to protect their company from liability and damage due to unexpected events. While a data security breach is not a flood or a wildfire, the potential damage it can cause can rival similar disasters.
It is important as a business owner that you go into acquiring cyber insurance with a base knowledge of what you need and want your policy to cover. Even more, familiarizing yourself with your cyber insurance provider about what types of incidents are covered, if any specific incidents are excluded from coverage, expected response time, whether there is flexibility if you want to modify coverage, or if there are any regional restrictions to the policy is just good business sense.
Like anything in life, data breaches can be unpredictable. Knowing how to avoid some of the common ways that breaches occur, the true damage that these data breaches can cause, and what you can do about it as a business owner can be the difference between success and failure.
The original version of this article was first published on Converge.