4 Common Misconceptions Mid-Market Firms Have about Cyber Risk

A new report from insurance brokerage Assurex Global identifies four main misconceptions mid-market companies have about cyber risks.

1. Cyber attacks primarily affect large businesses. Hackers often target smaller and mid-sized firms because they usually lack the sophisticated security of large companies and can be “easy” targets, says Michael Richmond, sales executive for Risk Advisory Solutions at the Horton Group in Chicago, Ill. “You don’t hear about the breaches at $50 million or $100 million manufacturers … sometimes it’s because the cyber protection at smaller companies isn’t as sophisticated … but they are happening,” says Richmond.

The NetDiligence/McGladrey 2015 Annual Cyber Claims study found that companies with revenues between $50 million and $1 billion accounted for nearly half of all cyber claims.

2. Their type of business isn’t likely to be targeted. Mid-market organizations not only think they’re too small to be hacked but also usually believe that thieves aren’t interested in their sector. Any organization that has information and commerce can be a target, says Richmond. Thieves often target companies to gain trade secrets, steal intellectual property, gain a competitive advantage, or even ruin a company’s reputation.

According to a 2015 Symantec report on cyber breaches, the top industries breached were services; finance, insurance and real estate; retail trade; public administration; and wholesale trade.

3. They can absorb the cost of or self-insure against data breaches. The cost of a single data breach can nearly wipe out a small company. These costs can run into the millions of dollars when factoring in investigation, notification, public relations, regulatory fines, and any potential settlements or judgments. Individuals are frequently filing suit against companies for such breaches, spurring companies into paying staggering defense costs.

The Ponemon Institute’s 2016 Cost of Data Breach Study found the average cost of a malicious or criminal breach incident to be $158 per compromised record. The 383 companies that participated in the study said their average total cost per breach was $3.79 million to $4 million, up 23% from 2013.

4. Outsourced network security and data management reduces risk. Mid-market companies should scrutinize their IT vendors and services much like they would investment decisions, reported Bob Guilbert, managing director at Eze Castle Integration Inc., at MiddleMarketGrowth.org.

Meanwhile, Richmond says even when outsourcing, a company can still enable and be liable for breaches. As the original data owner, the company could still be named in third-party lawsuits, and while the vendor agreement may contain indemnification provisions, there are many ways vendors can get out of them. Richmond says these indemnification provisions often have limiting and exclusionary language for amounts and certain types of breaches.


Craig Guillot

Craig Guillot is a business writer based in New Orleans, La. His work has appeared in Wall Street Journal, Entrepreneur, CNNMoney.com and CNBC.com. You can read more about his work at www.craigdguillot.com.
