Three things executives are getting wrong about cybersecurity

The unfortunate reality of today’s business environment is you will be hacked. This shouldn’t cause great fear among your executive team, but it is imperative that executives are prepared. How worried are you about cyber-attacks affecting your company? Take a moment and rank whether you agree with the following statements from one to five, with one being ‘disagree’ and five being ‘strongly agree’:

1. I’ve hired a first-class cybersecurity team, so I am not very concerned about the likelihood of an attack.

2. My company is on the smaller side, and generally under the radar, so there is no reason for me to be too concerned about possible cyberbreaches.

3. We have cyber-insurance, so our risk is significantly lower.

Look at your scores. If you have anything higher than a two in reference to any of the above statements, read on, because you are making some mistakes common among many executives, and you may need to rethink your cyber-strategy.

1 – Beware of a false sense of security.

A first-class IT team well-versed in cyber security may give executives in other departments a false sense of security. We know from statistics that 85% of all cyber breaches occur because of human error. Because individuals are being targeted to get into systems, human behavior is the critical factor in protecting and preventing system breaches. Executives need to therefore ensure that everyone who has access to their systems knows what to do in the event of a breach. No matter how strong your IT team may be, they can’t control what sort of mistake an individual might make by clicking on something they shouldn’t before that first cup of coffee.

2 – Size doesn’t matter the way you may think it does.

Your company may be small, but that may make you attractive to potential hackers who are looking to use your company to reach larger partners. In the 2013 attack on Target, criminals targeted a small business, specifically a vendor who dealt with air conditioning service. They were able to steal an employee’s password through a successful phishing attack at the air conditioning company and then through the billing system get into Target’s larger network.

3 – Insurance is getting more expensive and harder to use.

As risks and expenses grow, the insurance landscape is rapidly changing. Some major insurers are no longer including ransom payments as insurable, only the cost of lost business. Furthermore, an increasing number of cyber-attacks are classified as state-sponsored, which some insurers classify as acts of war which frees them from liability.