John Graham, Vice President and Cyber Product Manager for Commercial Insurance at Chubb Insurance, explored cyber security and its impact on today’s chief financial officers during his presentation to Argyle’s CFO membership at the 2018 Financial Leadership Forum: Strategy & Innovation in the Digital Era in Chicago on May 9. In his presentation, “Data Security and Privacy Risks in the Digital Age and the Role of Insurance,” Graham offered insights into data breaches and provided tips to help finance professionals minimize data privacy risks.
Cyber threats are problematic for businesses of all sizes and across all industries. Cybercriminals are increasingly targeting companies around the globe, yet few companies understand the immediate and long-term ramifications of cyberattacks or how to stop them before they escalate.
Recent studies indicate that data breaches are becoming more severe and frequent than ever before. As cybercriminals explore ways to launch new cyberattacks against companies, CFOs and other business leaders need to prepare accordingly. Otherwise, these business leaders may expose their companies, employees and customers to a wide range of cyber risks.
Cybercriminals often use social engineering to gain unauthorized access to business systems, networks and employee accounts. By deploying phishing emails, cybercriminals can disguise a cyberattack in an email message – all without an email recipient realizing that a message actually contains a malicious file or link.
“Social engineering involves phishing attacks,” Graham noted. “Phishing attacks have been around since we’ve had email … and most people don’t know when they’ve been victimized by a phishing attack.”
Ransomware has become one of the most-popular cyberattacks, enabling cybercriminals to prevent business users from accessing sensitive data or systems until a ransom is paid.
“Ransomware works in two different ways: cybercriminals are either holding your data hostage, or they’re holding your network hostage,” Graham pointed out. “Ransomware has become extremely popular … because it is easy, fast and effective.”
Although business leaders may choose to pay a cyber ransom, there is no guarantee that paying will enable a company to retrieve its stolen data or restore its inactive systems. In fact, cybercriminals may continue to launch future cyberattacks after an initial ransom is paid.
“Cybercriminals use ransomware to take advantage of everyone’s reliance on access to data and networks,” Graham stated. “[Cybercriminals] are preying on the heightened need to not lose access [to data and networks].”
Today’s businesses must ensure their data and systems are secured properly. At the same time, companies want to provide employees with seamless access to business data and systems. This often creates challenges for business leaders who want to find the ideal combination between security and convenience.
New data privacy regulations are changing the way that businesses evaluate cyber threats, too. For example, the European Union General Data Protection Regulation (GDPR) is leading many companies to update their data management processes and systems. As consumers search for ways to ensure their data is secure, businesses may be forced to explore ways to keep pace with clients’ increasing data security expectations as well.
“As technology becomes more ingrained in our lives, people are getting more concerned about how this impacts their privacy,” Graham said.
Companies must allocate time and resources to teach their employees about cybersecurity dangers. By doing instituting an enterprise-wide cybersecurity program, businesses can empower employees to address cyberattacks and limit cyber risk. Businesses can also leverage software and technologies to address threats by partnering with cybersecurity services providers who can offer advanced cyber protection. Additionally, businesses should monitor their data and systems closely and use technology to quickly detect any potential cybercriminal activity.
As the risk of these attacks increase, cyber insurance may prove to be a valuable investment for a business. This type of insurance helps a company speed up its recovery following a data breach. Best of all, cyber insurance empowers a business to partner with an insurer that will go the extra mile to ensure a company can limit the impact of a data breach on its day-to-day operations.
“Cyber insurance is about more than just transferring risk,” Graham pointed out. “You’re signing up with a partner that is going to be there when a data breach happens and can help you through a very stressful time.”