Cyber attacks on large companies make big headlines. But what about small-to-medium-sized businesses, the SMBs of this world? Most lack resources to either prevent an attack or to deal with it quickly and effectively afterwards. Yet SMBs make up the majority of companies in the construction industry.
In terms of prevention, smaller enterprises are often at a disadvantage. Computer systems might be older, antivirus protections may be out of date or inconsistent across the company and IT personnel may lack cybercrime expertise.
Cyber insurance may be a primary means of rectifying and recouping costs after an attack. However, reports suggest many larger companies, in fact, enjoy privileged service from insurers even before the insurance policies are finalized. Insurers have a vested interest in the quality of cyber security protocols in place with their larger clients and therefore help them evaluate and bulk up internal protections before attacks take place.
Yet smaller companies without such kid-glove service are just as vulnerable to cyber attack, perhaps more.
According to U.K. insurance provider Hiscox Ltd., companies with between 10 and 49 employees experienced significantly higher numbers of cyber incidents over a 12-month period than those with more than 50, 250 or even 1,000 employees. This reveals a vulnerability that needs to be addressed.
The survey also reveals the median cost of each attack doesn’t change significantly with company size, averaging between $13,000 and $26,000. However, when the higher number of incidents is taken into account along with the dollar cost, the financial impact is magnified for smaller businesses.
If an SMB can even find cyber insurance coverage at an affordable cost, it will still be expected to take significant internal steps to reduce risks. Some of these include: recurrent best-practices employee training; improved backup protocols of sensitive employee personal data; secure storage of project information; and a communication plan to deal with clients should an attack occur.
“No business wants to imagine being a victim of a security breach or severe data loss,” says construction software provider Viewpoint. “But preparing for the worst puts your business in the best position moving forward, because you can act quickly and have more control of the outcome.”
A review of the hardware and security solutions currently in place also needs to be undertaken. Older systems are easier to attack. Replacement is an investment that might not only prevent an attack but also save time and money should one occur. Traditional data recovery costs can be expensive, not to mention the additional costs of replacing almost all components in the original IT system after an intrusion.
Many experts recommend that SMBs work with cloud-based software and server providers in order to reduce internal responsibilities and to benefit from outside expertise. These providers offer protections and data backups automatically and can also assist in the development of an all-important recovery plan should an attack take place. This can reduce the capital cost of updating company servers and the cost of company personnel to maintain the system.
Should an attack occur, questions must be asked and decisions made quickly. Is the attack ongoing and still in progress? What exactly has been stolen?
Then the big question: Do you pay any ransom demand? There’s no easy answer, and there are as many reasons to pay the ransom as to not pay.
Paying feeds the cyber crime system, encourages attacks on others and can still leave lingering doubts as to whether everything stolen was actually recovered. And does one small company’s refusal to pay really alter the growing cyber attack landscape?
Refusing to pay means corporate pain, data risk and the expense of identifying and then recreating what has been stolen or locked through encryption.
The good news revealed in the Hiscox survey is that 80 per cent or more of SMBs questioned now have a dedicated cyber role inside their company, and over 80 per cent hold some form of cyber insurance. Construction executives need to determine whether their firm falls within or outside these improving trends.
John Bleasby is a Coldwater, Ont.-based freelance writer. Send comments and Inside Innovation column ideas to email@example.com.