Cybercrime victims lost more than $1.4 billion in 2017, according to the Internet Crime Complaint Center (IC3). IC3 received more than 301,580 complaints last year, an increase from 298,728 complaints in 2016. In fact, the number of complaints has been steadily increasing each year since 2013.
Cybercriminals use a wide range of ploys to steal money and information from their victims. According to IC3, these threats include ransomware, business email compromise/email account compromise and data breaches, among others.
- Business Email Compromise and Email Account Compromise: Businesses lost more than $675 million to these crimes in 2017. Although there are many variations, the fraudsters generally hack or spoof an email account, perhaps that of a CEO, CFO, law firm or other party connected to the company. Then they send an email requesting a wire transfer, a check or personal data. Believing the request to be legitimate, the recipient fulfills the request.
- Ransomware: Victims lost more than $2.3 million to ransomware attacks in 2017. This type of malware infects computers, holding the files hostage until the victim pays the ransom. Note that the criminals may not reverse the damage even after a payment is made, and the FBI does not recommend making a payment.
- Data breaches: Corporate data breaches resulted in losses of more than $60 million, while personal data breaches resulted in losses of more than $77 million.
- Other common threats to businesses include denial or services attacks and phishing attempts.
Getting Ready to Thwart Cyber Risk
Cybercriminals work hard coming up with new ways to steal from businesses, so businesses have to work equally hard to thwart them. A good cyber plan can be broken down into two basic phases: prevention and response.
Phase One: Prevention
An out-of-date computer system can become an easy target. It’s important to update systems regularly, and to use antivirus and firewall programs.
Using good technology is not enough, however. In the fight against cybercrime, any employee who doesn’t understand the risk can become a weak link. Make sure everyone knows how to avoid viruses, phishing scams, business email compromise scams, and other risks. Encourage employees to use secure passwords and to look at all incoming messages with a critical eye.
Phase Two: Response
Even with good security measures, your company may not be able to prevent all attacks. Therefore, it’s important to have a solid response plan.
Unfortunately, many businesses don’t do this. According to an article published in Risk & Insurance, many companies are aware of the cyber threat but nevertheless fail to create a cyber response plan. A good plan should involve many relevant groups, including an attorney, a public relations expert and a cyber policy insurer, and it should be tested regularly.
Having cyber insurance is an important piece of the puzzle, but understand that policies vary, and they may not cover all risks associated with computer use. Read your policy carefully and take other measures to mitigate cyber risks. Contact your BNC Insurance agent to learn more.