- Robert Stines
5 Reasons Companies Should Be Concerned About Hacking
It is hacking season! Companies are paying millions of dollars related to hacking incidents - Target, Sony, Anthem, to name a few. Hackers are targeting companies that store personal identifiable information (PII). These companies include law firms, restaurants, universities, healthcare service providers and the government. If you operate a business, here are five reasons you should be concerned.
1. Hacking Happens
It really does not matter if you operate a national chain or a small business. According to a survey released by The HSB Inspection and Insurance Company, nine out of ten businesses experienced at least one hacking incident in 2016. As the former FBI directer Robert S. Mueller, III, stated:
“I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again."
Every company should expect to be the victim of a cyber attack. Are you prepared for the inevitable?
2. Hacking Is a Billion Dollar Industry
When Willie Sutton, the famous bank robber was asked “Why do you rob banks?” he replied, "because that’s where the money is." Fast forward to the 21st century. The Insurance Information Institute found that $16 billion was stolen from 15.4 million U.S. consumers in 2016. PII is sold on the Dark Net with the use of cryptocurrencies which is then used to purchase consumer products, steal tax refunds, and obtain fraudulent loans. Gone are the days when crime was a one-to-one ratio (one criminal steals from one victim). Now, it is a one to many ratio (one cyber criminal can instantaneously steal from thousands or millions of victims). Business is good for Crime Inc. As long as cyber attacks are profitable, they will continue.
3. Companies Are Being Sued
If your company is the victim of a cyber breach and customer information is stolen, you can expect to be sued in a class action by those customers. As seen above, companies have been sued and forced to settle for millions of dollars, and these are just the ones that made headlines. Many other "smaller" companies are at risk of a cyber attack and a subsequent lawsuit. Defending a class action lawsuit is extremely expensive. If your company does not have cyber insurance, a cyber attack could ruin your company's chances of survival.
4. Companies Are Required To Protect Customer Data
Not all, but many states are now requiring that companies take preemptive steps to ensure that customer data remains protected while on company servers. If your business is hacked, some states require that the company attempt to mitigate damages and notify customers of the breach. If the Feds do not implement a blanket requirement, we should expect every state to eventually adopt similar laws. Are you taking the necessary steps to protect your customers' information?
5. It Will Get Worse
The Internet of Things (IoT) is the interconnection of physical devices, vehicles, buildings, and other items embedded with electronics, software, sensors and network connectivity that enable everyday objects to collect and exchange data. Hacks in the future will impact our autonomous cars, implantable medical devices, mobile devices, wearable technology, etc. With IPv6 allowing almost every man made device to be connected to the internet and have its own IP address, every device will become hackable. Many of these everyday objects lack even basic cyber security. Hackers can use everyday objects to gain access to a company's wireless network and infiltrate devices with sensitive information. Just think, hackers will gain access to your customers' sensitive information by hacking the coffee-maker in your office.
Companies must take action to secure customer data in their networks. It is one of the responsibilities of operating a business in the 21st century. Not only should companies implement cyber security measures, they should consider purchasing a cyber insurance policy to provide financial assistance when the inevitable hack occurs.