It may seem startling to learn but essential industries appear woefully prepared to survive a cyber-attack. Critical alerts were repeatedly issued during the initial surge of the pandemic, and splashy headlines flooded social media platforms. Despite wide-reaching warnings, a staggering number of companies have not taken fundamental steps to improve readiness.
Data uncovers startling vulnerabilities
A WSJ Pro Research study polled 400 information security officers to create a microcosm view of current cybersecurity. The survey highlights the types of organisations that appear unprepared, reasons for their vulnerability, and critical next steps. This is a snapshot of the findings.
- Almost 80 per cent of organisations considered ransomware a critical threat. However, less than 70 per cent believed they were prepared for such an attack.
- Less than 66 per cent of manufacturing and retail outfits have a cybersecurity strategy.
- Government agencies ranked among the least prepared to defend against a ransomware attack.
- Government agencies ranked ‘below average’ in terms of cybersecurity awareness training.
- Health care organisations were among the best prepared.
Perhaps the most disconcerting finding was that a significant cyber-defence gap exists between large and small organisations, according to the report. Of organisations that generate more than $1 billion annually, 81 per cent had implemented a robust cybersecurity policy. But among those outfits that pull in less than $50 million, only 63 per cent had taken proactive measures.
In terms of surviving an attack, the research draws a stark contrast between the largest and smallest organisations. At least 15 per cent of very small businesses had no cybersecurity policy whatsoever, and 39 per cent had no plan to purchase cyber insurance. The largest corporations, by contrast, were highly likely to carry insurance to cover an attack.
Can a cyber-attack bankrupt an organisation?
Given that small businesses are less likely to have cyber insurance, the hard data points to potential bankruptcy.
According to CSO online, losses suffered from a cyber-attack rose by 12 per cent over the last five years, with upwards of 30 per cent of organisations expected to suffer a breach in the next two years. American companies rank among the hardest hit with the average breach costing $8.19 million and more than 32,000 records compromises. Countries such as the UK trail at $3.88 million and more than 23,000 digital files impacted.
Ransomware attacks — widely the most feared by industry leaders — cost companies an average of $84,116 in payoffs and recovery costs such as downtime and network rehabilitation if they are fortunate enough to receive the decryption code, according to Forbes magazine. Those who decided to refuse typically pay out more than $700,000.
How to survive a cyber-attack
Cybersecurity experts generally agree that no one-size-fits-all cybersecurity plan exists. Each industry confronts unique challenges that may include select compliance regulations, remote or in-house workers, and reliance on connectivity with other organisations, among others. However, there are essential cybersecurity measures that most operations require for foundational defences. These include the following.
- Multi-Factor Authentication for Employee Login Profiles
- Zero-Trust Account Settings
- Enterprise-Level Antivirus Software and Firewalls
- Remote Information Transfer Encryption Tools
- Secure Wi-Fi Connections
- Cloud-Based & Hard Drive Data Backups
- Ongoing Cybersecurity Training & Awareness
Cybersecurity consultants roundly advocate for organisations to adopt ongoing training and awareness. As experts in the security field, they recognise that hackers target untrained and unsuspecting employees. By compromising a worker’s login profile, they have an opportunity to peruse, steal, or ransom your digital assets.
In many cases, decision-makers hesitate to invest in determined cybersecurity until it’s too late. But by reaching out to a third-party cybersecurity specialist, you can have your systems reviewed, analysed for vulnerabilities, and roll out a cost-effective defence that can save you from Chapter 7 or 13 bankruptcy.