As more and more cyber-attacks make headlines, people who once thought that something like that could never happen to them are now starting to take a closer look at the companies they do business with and the cyber security measures they have in place. While online banking and commercial transactions have always made some people nervous, most people have a general level of trust when it comes to conducting business online.
That trust appears to be misplaced, however, with insurer Hiscox discovering that most businesses in the US, UK and Germany are not prepared for cyber attacks. The firm’s Cyber Readiness Report found that more than half (53 percent) of the 3,000 companies surveyed were “novices” when it comes to dealing with a cyber-attack, while fewer than a third could be considered “experts” in cyber security.
Hiscox’s Insurance Chief Executive, Steve Langan, calls these statistics “worrying”, and it’s hard to argue with that assessment when you consider the fact that 57 percent of firms were victims of a cyber-attack in the last year alone. Of those, nearly half took at least two days to get back to normal operations.
With so much at stake, you might think that cyber insurance would be widely used, but the study found that just 40 percent of firms have taken out such a policy. It is believed that some firms might not have a clear idea of what cyber insurance coverage entails, with some believing that their existing coverage would apply to such an attack.
The U.S.’s adoption rate is slightly higher than the other countries studied, with 55 percent of companies taking out cyber insurance versus 36 percent in the UK and 30 percent in Germany. However, the attitudes toward insurance are puzzling to say the least. Forty-five percent of UK companies think cyber insurance is not relevant for their business, and 30 percent do not plan to take out a policy in the next 12 months. Some businesses have also complained that the policies are too complicated and it is not clear what they cover.
Every American is at risk
If you avoid shopping or banking online, you are not out of the woods. One area that is particularly vulnerable is healthcare, whose systems tend to possess a lot of very sensitive personal data. According to a study by security firms SANS and Norse, 375 healthcare organizations were compromised by cyber-attacks in the U.S. in the from September 2012 to October 2013, and many others were likely compromised but had not detected the attack. In those cases, hackers managed to gain access to patient files, web cameras, mail servers, printers, firewalls, and radiology imaging software.
Norse Chief Executive Sam Glines said at the time that he was astonished by the lack of effort made by these organizations when it comes to security, including using simple passwords and recycling them across multiple platforms and leaving firewalls on their default settings. As the Internet of Things (IoT) continues to bring more and more sensors to devices and interconnecting them online, the problem is only likely to get worse.
The nation’s power grid is also vulnerable to a cyber-attack, with hackers developing search engines aimed at identifying IT systems controlling power plants, dams, and financial centers that lack proper protection. Iranian hackers have already managed to penetrate a dam near New York City, drawing attention to the many vulnerabilities in our country’s infrastructure.
While the government does its best to downplay the risks, plenty of people are not taking any chances and stocking up on organic storable food for emergencies in case a cyber-attack leaves us without electricity. As the Hiscox study shows, organizations are simply not taking the risks seriously enough, and every single one of us could be affected by their negligence.