Skip to main content

As the situation in Ukraine evolves, businesses should be mindful of potential risks to their people, assets, operations, or supply chains in the region and globally. Marsh, as part of the Marsh McLennan family of companies, has created a page with information, tools, and resources related to the Russia-Ukraine conflict. Please visit the page for the latest information.

October 6, 2019

The state of cyber security

Dan Hanson

As hackers become faster, more numerous, and more effective, many companies are struggling to protect their websites from cyber-threats:

  • 360,000+ new malicious files detected every day
  • 1,188,728,338 known attacks on computers in 2017
  • $6 trillion in cyber-crime damages to businesses expected by 2021
  • $1 trillion+ in global spending on cyber security by 2021

So, what does the world of cyber-crime and cyber security look like today?

Relaxing is not an option
Companies today need to continually make it harder and harder for criminals to get access and information they can monetize or use for espionage purposes. They need to make use of technologies that make it extremely difficult for criminals to commit fraud, including chips, PINs, contactless-enabled POS terminals. The trick is to make the criminal change tactics and ensure that the integrity of your firewall protection is as strong and secure as possible.

Everyone is at risk
No industry is secure. According to the Verizon Data Breach Survey 2018, that includes government/public administration; retail; professional, technical and scientific services; manufacturing; information collection and distribution; healthcare; finance; insurance; education; and travel, hospitality, restaurant and foodservice.

That said, the Verizon Survey discovered that 58 percent of all victims could be categorized as small businesses. 24 percent of breaches affected healthcare organizations. And a growing list of breaches are occurring in the public sector, including municipalities and schools.

Who’s responsible for attacks on business?
According to the Verizon Survey, 73 percent were perpetrated by outsiders (a full 50 percent of breaches carried out by an organized crime group) and 28 percent involved someone on the inside – and that number appears to be growing.

Most common tactics
48 percent of all breaches featured hacking with 30 percent including malware. 49 percent of malware was installed because of malicious emails.

What are they after?
The Verizon Survey reported that 76 percent of all breaches were motivated by financial gain. And a growing target for that is healthcare information. According to CHUBB and Carnegie Melon, social security numbers are worth approximately 10 cents each on the dark web and a credit card number will fetch 25 cents. But healthcare records can be worth up to $1,000. Medicare and Medicaid fraud can be very, very profitable.

Mobile malware is on the rise and, although much of it is a nuisance rather than true cyberattacks, the potential for infection exists. So everything must be looked at as a possible attack. And ransomware – where documents and systems are literally held hostage until payment is made – is the top variety of malware.

The insurance side of the cyber problem
Currently the market is flat or even somewhat soft as far as pricing goes. A lot of carriers have entered the market in the past year or so, literally tripling the pool of available options. Coverage is expanding, including options such as business interruption and reputation protection that weren’t available even two years ago.

MMA has discussed this with a lot of other brokers and a wide selection of carriers, and most industry experts are waiting to see which carriers will survive, where rates will wind up, and what effect the recent huge claims activity will have on the market before assessing where the best values will be. That’s why it pays to have a good broker that knows the market and can help you better understand where risk is lurking and what solutions will best benefit your company.

15 best practices to protect against attacks
Organizations must make website security a critical priority. It’s crucial that every IT department understands all of the potential risks. With that in mind, here are 15 best practices your IT department should leverage to help protect your organization:

  1. Keep software updated
  2. Protect against cross-site scripting (XSS) attacks
  3. Protect against SQL attacks
  4. Double validation of data
  5. Don’t allow file uploads on your website
  6. Maintain a robust firewall
  7. Maintain a separate database server
  8. Implement a Secure Sockets Layer (SSL) protocol
  9. Establish a strict password policy
  10. Use website security tools
  11. Create a data breach response plan
  12. Set up a backend activity log system
  13. Maintain a fail-safe backup plan
  14. Train your personnel
  15. Make sure your partners and vendors are secure

MMA can help
For more information on cyber risks and cyber liability insurance, visit MMA’s Cyber Liability Online Resources or contact Marsh & McLennan Agency. We can help organizations assess and handle their risk management.