4 Common Misconceptions Mid-Market Firms Have about Cyber Risk

Many mid-market firms underestimate their exposure to hacking, security breaches and cyber attacks. As the costs and frequency of these attacks continue to rise, companies need to increase awareness and overcome the misconceptions that they're too small or too niche to be targeted.

gettyimages-488625012-compressor-1A new report from insurance brokerage Assurex Global identifies four main misconceptions mid-market companies have about cyber risks.

1. Cyber attacks primarily affect large businesses. Hackers often target smaller and mid-sized firms because they usually lack the sophisticated security of large companies and can be “easy” targets, says Michael Richmond, sales executive for Risk Advisory Solutions at the Horton Group in Chicago, Ill. “You don’t hear about the breaches at $50 million or $100 million manufacturers … sometimes it’s because the cyber protection at smaller companies isn’t as sophisticated … but they are happening,” says Richmond.

The NetDilligence/McGladrey 2015 Annual Cyber Claims study found that companies with revenues between $50 million and $1 billion accounted for nearly half of all cyber claims.

2. Their type of business isn’t likely to be targeted. Mid-market organizations not only think they’re too small to be hacked but also usually hold the belief that thieves aren’t interested in their sector. Any organization that has information and commerce can be a target, says Richmond. Thieves often can target companies to gain trade secrets, steal intellectual property, gain a competitive advantage, or even ruin a company’s reputation.

“You don’t hear about the breaches at $50 million or $100 million manufacturers … sometimes it’s because the cyber protection at smaller companies isn’t as sophisticated … but they are happening.”

According to a 2015 Symantec report on cyber breaches, the top industries breached were services; finance, insurance and real estate; retail trade; public administration; and wholesale trade.

3. They can absorb the cost of or self-insure against data breaches. The cost of a single data breach can nearly wipe out a small company. These costs can run into the millions of dollars when factoring in investigation, notification, public relations, regulatory fines, and any potential settlements or judgments. Individuals are frequently filing suit against companies for such breaches, spurring companies into paying staggering defense costs.

The Ponemon Institute’s 2016 Cost of Data Breach Study found the average cost of a malicious or criminal breach incident to be $158 per compromised record. The 383 companies that participated in the study said their average total cost per breach was $3.79 million to $4 million, up 23% from 2013.

4. Outsourced network security and data management reduces risk. Mid-market companies should scrutinize their IT vendors and services much like they would investment decisions, reported Bob Guilbert, managing director at Eze Castle Integration Inc., at MiddleMarketGrowth.org.

Meanwhile, Richmond says even when outsourcing, a company can still enable and be liable for breaches. As the original data owner, the company could still be named in third-party lawsuits, and while the vendor agreement may contain indemnification provisions, there are many ways vendors can get out of them. Richmond says these indemnification provisions often have limiting and exclusionary language for amounts and certain types of breaches.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.