Myth #1: We really don’t have any confidential information to protect.
You might think an old-line manufacturing company has little or no exposure to a network security event. However, it more than likely holds data on its current employees, and probably has information on employee prospects as well as recently terminated employees. It also likely holds the design plans of key customers, acquisition targets and partners. Virtually any business has billing records of many customers on hand, which often contain sensitive data.
Myth #2: We use a third-party vendor so we do not have the exposure.
Using a third-party vendor may actually present additional exposure to your business. As your systems link with other systems and connect with other companies’ data, you take on the added exposure of potentially corrupting or breaching the data of multiple businesses due to your processes and your people.
It’s also important to fully understand the indemnification agreements and hold-harmless contractual wording in place with the third-party vendors, and to verify that they have adequate resources, including insurance, to back their indemnification obligations to your business.
Myth #3: Our IT Department assures us that we do not have any exposure.
Consider the recent Sony case. This is an example of a large, sophisticated company with the latest and greatest technology protection that was hacked with apparent ease. Businesses with the best controls still have data breaches. You can’t engineer the people factor out completely: laptops get stolen, and PDAs get left in airports.
There have been reports of the FBI, the State Department and multiple Fortune 500 companies being hacked despite sophisticated control measures and teams of people working to protect their systems. An IT manager who says their systems are impenetrable is either extremely naive or horribly overconfident.
Myth #4: Hackers only attack large companies.
Radware’s new 2016-2017 security report found that 98 percent of organizations survived a cyber-attack in 2016. Thirty-one percent of these attacks were committed against small and medium-sized businesses with fewer than 250 employees. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.
For more information, please contact your local Marsh & McLennan Agency representative or visit: marshmma.com/cyberliability