Risk Managers Say Not Enough Being Done to Thwart Hacking Incidents
According to a new survey, 55 percent of risk managers are not confident their company is dedicating enough resources, in terms of dollars or personnel, to combat the evolution of hacking techniques.
In a recent podcast interview with Claims Journal, Erik Cernak, cyber practice leader for Munich Re U.S. Operations in conjunction with Hartford Steam Boiler (HSB), discussed a recent study of risk managers and their views on key cyber exposures affecting businesses.
Cernak said that though 70 percent of businesses reported one or more hacking incidents in the last year, more than half felt not enough resources were being directed to thwart cyberattacks.
The results of the HSB study were released in early October to coincide with national cyber security awareness month.
“Hackers have evolved and so have their methods of attack,” said Cernak. “Businesses are on high alert, but they can do a lot better. Simply reacting to new threats is not enough.
Businesses of all sizes need to anticipate hacking trends and deploy the resources necessary to protect their private or sensitive information.”
Breaches of personal or corporate information typically involve traditional losses like damage to hardware and threats to paper records, he said. Newer forms of attacks are targeting denial of services and extortion.
The study reveals that while most attacks still target larger businesses, mid-size and smaller businesses are experiencing attacks as well and may not be as prepared to withstand them, said Cernak.
Additional study findings:
- 63 percent of risk managers were from large enterprises, 30 percent from mid-sized, 7 percent from small biz.
- 46 percent say their business has either purchased cyber insurance for the first time or increased its level of coverage in the last year.
- 36 percent of businesses do not have any level of insurance coverage.
- To combat cyber risk, 32 percent are most interested in using intrusion detection/penetration testing, 25 percent want to invest in employee education programs and 25 percent in encryption.
With repeated attacks reported, there is an emphasis on ways businesses can combat cyberattacks. According to Cernak, respondents felt that intrusion protection programs, more employee education and encryption could fight security breaches.
“Those seem to be the three things that are on the minds of risk managers when they are looking to secure their infrastructure and their platforms to help avert some of these additional claims and additional breaches,” said Cernak.
Employee education is considered one of the bigger returns on investment, Cernak said.
Cloud technology was another area of concern, with worries related to the loss of confidential information and service interruption.
Loss of confidential information was viewed as the biggest risk (76 percent), followed by service interruption (16 percent) and government intrusion (5 percent).
Industries most likely to be targeted included retail, government, healthcare and professional services like attorneys and accountants because they hold a large amount of sensitive personal and corporate information. Municipalities and educational facilities are also at risk due to budget constraints that hinder the ability to strengthen IT infrastructure.
Nearly half of the respondents reported that their business had either purchased cyber insurance for the first time or increased its level of coverage in the last year. Despite the increased risk of a cyberattack, 36 percent of businesses still do not have any level of cyber insurance coverage.