skip to main content
Cyber

Don’t play cyber risk "dominos" with your business

09/2021
dominoes

Cybersecurity risks are critically challenging for businesses, with the potential to cause severe business disruption and financial impact.

Understanding the threats and how cyber-attacks work can help you keep hackers at bay and better prepare and protect your business.

 

The "domino effect"

What is often not understood prior to a cyber-attack is that the negative fallout of an incident can create a rapid downward spiral. As business becomes progressively impaired, reparation costs quickly escalate.
 

  • The first domino — lost business cost. 
    When websites or computer systems are attacked and taken offline, virtual storefronts may be rendered unusable by customers, and transactions may not be able to be processed. Though brick and mortar stores may still be open, with the virtual enterprise “closed,” customers and clients go elsewhere.
  • The second domino — lost customers and reputation cost. 
    If personal customer information (such as credit card numbers) is stolen, it shakes consumer confidence. A breach can be compounded by bad press, which can cripple brand reputation and lead to more devastating customer attrition.
  • The third domino — restoration costs.
    After any cybersecurity incident, the tasks of restoring digital data, software, computer systems — and reputation — require money, time, personnel, and often costly external expert resources.
  • The fourth domino — legal and settlement costs. 
    When a cyber-attack negatively impacts customers, vendors, suppliers, or others there can be legal ramifications. Claims can be extremely costly and time consuming to defend.

When these dominos start to fall, the increasing costs may bring a business to the point of bankruptcy.

 

How cyber criminals gain entry

There are several ways that cyber criminals can gain access to a company’s website or internal server to steal data or otherwise attack a business. These include:
 

  • Insufficiently securing electronic devices that have legitimate server access, such as computers or tablets.
  • Exploitation of weak employee passwords or lax password precautions.
  • Taking advantage of a power or internet service failure (that may or may not be caused by bad actors).
  • Active attacks that exploit security flaws and often employ sophisticated malware or techniques, like ransomware, credential stuffing, and phishing.

 

Protecting your business from cyber-attacks

Although stopping cyber criminals may seem like a formidable task, there are a handful of simple measures that companies can use to create their own cyber risk management program and limit their exposure.
 

  • Update IT equipment and security software 
    Outdated operating systems and computers, and outdated or unpatched software are easily breached by criminals.
  • Diligently monitor networks 
    Companies can limit damage if network abnormalities are caught quickly. A cybersecurity expert can identify high risk areas, and there are security software offerings that can offer monitoring solutions.
  • Educate employees on cybersecurity vigilance 
    According to Chubb’s 2018 Singapore SME Cyber Preparedness Report 2018 – Too small to fail?, the top three cyber incidents caused by internal factors were data loss or business interruption from system malfunction, technical fault and human error. Make sure your staff understands the important role they have in preventing a cyber breach and help them establish positive and secure habits with formal, enforced written cybersecurity policies and regular training. 
  • Require good password hygiene 
    This is an integral part of any cybersecurity program. Passwords should be strong (e.g. a mix of letters, numbers, and symbols) and should be frequently changed. When employees leave the company, their credentials should be automatically revoked.
  • Create a cyber incident response plan 
    Some incidents can be mitigated with a prepared response plan and a team of both internal and external cyber incident responders. With a strategy and experts in place, response to and resolution of an incident can occur more quickly.
  • Purchase cyber insurance 
    While proactive measures are essential, a back-up plan is required to better safeguard against cyber risks. A good cyber insurance program is more than just a financial loss mitigation tool — it can help a company better understand how to prepare ahead of a potential cyber-attack, and offer resources and partners, such as cybersecurity trainers for employees.

No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.

Disclaimer - The content of the above article is not intended to constitute professional advice. Although all content is believed to be accurate, Chubb Insurance Singapore Limited (Chubb) makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content of this article. Users relying on any content do so at their own risk.

Contact Me
Contact Me

Have a question or need more information?

Leave your contact details and our representatives will get in touch with you.