2022 saw an increase in ransomware attacks, where data is encrypted and held for ransom. And these attacks are no longer limited to single bad actors hacking from their basement. It has become a criminal enterprise, with the average cost of a ransomware payment at $570,000.
“There’s significant financial motivation, largely due to cryptocurrency. Before, there wasn’t a good way to extract money from people,” said Jorel Van Os, Chief Information Security Officer at Acrisure. “Now the bad actors are businesses with HR departments, hierarchies and operating hours. And they have good customer service! They want to make it easy to pay the ransom.”
Below are questions small business owners should ask themselves about cybersecurity heading into the new year.
Can My Business Survive 25 Days of Disruption?
Ransomware attacks disproportionately impact smaller companies and the fallout can be devastating.
The average disruption to business for smaller organizations is 25 days. In addition to quantifiable losses like revenue and headcount, there are subsequent losses in reputation and consumer confidence as well. Unfortunately, 60% of small businesses cannot sustain this disruption and go out of business within six months following a cyberattack.
The key to preventing ransomware attacks is to install protection before an event happens, such as Endpoint Detection & Response (EDR) and Multi-Factor Authentication.
What is Multi-Factor Authentication and Does My Business Need It?
Multi-Factor Authentication (MFA) prevents unauthorized users from accessing data by requiring two or more pieces of evidence to confirm user authenticity. Many applications and online accounts such as email require MFA to avoid a breach if an unauthorized user gains access to something like a single password.
MFA is critically important for any business that handles personal, financial or health information. In other words, all businesses!
While it is best practice for many online resources to require MFA, most organizations have some on-premise infrastructure that is also vulnerable to threat actors, like remote network access and physical workstations. In response, many cyber insurance carriers now require proof of online AND on-premise MFA protection to gain coverage. To address this, Acrisure Cyber Services partnered with Silverfort to seamlessly extend MFA across all technology resources.
“Driven by a rising number of attacks through unprotected technical resources, many policies now require far more comprehensive identity protection and access controls,” said Hed Kovetz, CEO and Co-Founder of Silverfort.
Can My Business Provide Proof of Security and Controls for Insurance Coverage?
Cyber insurance carriers are overwhelmed with submissions, renewals and claim activity. This has led to increasing premiums and a hardening market that is taking a much closer look at ALL the protections and controls businesses have in place.
“Many cyber carriers are not renewing accounts without Multi-Factor Authentication, Endpoint Detection & Response solutions and segregated backups in place,” said Jackie McMullen, Vice President, Professional & Cyber Liability Broker at Acrisure Partner Founders Professional. “We not only help implement the proper cybersecurity measures, but we also ensure that that the cyber insurance application properly reflects these measures for successful coverage.”
I’m Ready to Protect My Business – What’s Next?
Cybersecurity is not just something you invest in once and then you’re done. Risk is always evolving, and your protection should too.
Acrisure Cyber Services has developed a 360-degree solution to help you:
- Protect your business from a cyberattack
- Lower costs through our reseller agreements with providers like Microsoft and IBM
- Get back up and running as soon as possible in case of an event
“It’s not just about cyber insurance. And it’s not just about cyber security,” said Bill Meara, President of Acrisure Cyber Services. “It’s cybersecurity, IT infrastructure management and cyber insurance working together as one. This creates true cyber resilience.”Important Information:
For additional information, please visit our website at Acrisure.com. Products or services identified herein may not be available in all jurisdictions. The information and descriptions contained herein (a) are not necessarily intended to be complete descriptions of all applicable terms, conditions, and exclusions of the policies referenced, (b) are provided solely for general informational purposes, and (c) should not be viewed as a substitute for legal, regulatory, or other advice on any particular issue or for any particular reason. The advice of a professional should always be obtained before purchasing any insurance product or service, and you should not rely on the information provided herein for the prevention or mitigation of risks or as a full and complete explanation of coverage under any insurance policy. While the information contained herein has been compiled from sources believed to be reliable, no warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any representation contained herein.
© Acrisure, LLC. All rights reserved.
American Public Entity Programs, LLC are public sector insurance professionals specializing in the underwriting, risk management, and marketing for public entity risks. We are a strategic trading partner of Acrisure and have been designated as a double Acrisure Circle of Excellence wholesale broker. For more information, visit https://americanpublicentity.com/