“Give it to me straight, should I be worried about cybercrime?”
In fact, I think it’s your #1 business risk.
“How would you even know that without knowing my business?”
Of Canadian businesses surveyed, they reported being hit an average of 40 times to the tune of $175K per attack (The Cyber Security Readiness of Canadian Organizations, 2016 Scalar Security Study).
What’s more, cybercrime can inflict serious financial damage on your business, whether through loss of actual funds or a damaged reputation. The likelihood of reoccurrence is very high, too.
Key to my statement is this: Cybercrime’s prevalence in your community is real.
The only time we ever really hear about cybercrime is when a large retailer or government is hacked. But I am willing to bet that some of you have heard whispers about local businesses that have suffered losses because of cybercrime. I’ve heard those whispers, as well.
You might be thinking, “If there were more attacks, wouldn’t I be hearing more reports?”
- For starters, there’s no real mandatory requirement for a business to disclose when it’s been hacked, unless a significant amount of privacy assets is lost that would result in significant damage to the victims impacted by the breach. Many small-to-medium businesses don’t have that many personal records to qualify for this scenario.
- Secondly, cybercrime that doesn’t involve loss of privacy assets, such as ransomware and on-line wire fraud, doesn’t require any reporting requirements. It’s not mandatory.
- But get this, trends are showing that these types of attacks are rampant and have impacted many businesses. So, the need to report is there. The need to go beyond whispers is there.
We each need to ask ourselves this important question, “Would I voluntarily disclose if my business was the victim of cybercrime?”
My guess is that most would say no. And I don’t blame you. We might be thinking, “What if I disclose, would I be taking a risk in damaging my reputation within the business community or in the eyes of my partners and customers?”
These feelings are understandable. You might also want to consider, though: “Would other businesses that have been hit feel any different?”
I think how we look at cybercrime and the reporting of it need to change. If we stop thinking about disclosing as a “risk” and starting seeing it as “sharing” and “helping one another”, then this perspective and fear might dissipate.
Just because we aren’t hearing any reports about victims, sadly doesn’t mean it isn’t happening. It’s just that no one has heard about it yet. And we need to start talking about it, so we can all start hearing and learning about it.
Because, cybercrime is running wild in our marketplace.
“Want to learn more?
Subscribe, below, to our blog for monthly posts on Cybercrime and other risk management topic.
Protect your business and your assets. Contact Gougeon Insurance Brokers to talk about your risk solutions.