Recent data breaches of large companies such as Sony Pictures, Anthem, and Target, and an increase in data breaches on small companies, should serve as a caveat for what’s ahead when it comes to cybersecurity, or lack thereof. However, it appears that while business executives love to talk about the importance of cybersecurity, few take the measures necessary to prepare for and respond to cyberattacks and data breaches. A recent survey of 1,000 business executives revealed that “only half of the polled respondents had a formal plan in place to protect their data and networks in case of an attack.” Consequently, a quarter of respondents also claimed to be “certain that their company will suffer a security breach in the future,” further implying that taking a minimum compliance approach to cybersecurity is insufficient.
There are several explanations why executives continue to fail in implementing adequate cybersecurity practices and incident response plans. Some of these reasons include saving money or the beliefs that “my company is too small to be worth hacking” and “it probably won’t happen to me.” This perception will eventually result in companies spending millions of dollars to clean up a mess that could have been prevented. Cybercriminals have a number of reasons to go after companies of all sizes. Even the smallest companies house valuable intellectual property as well as legal, financial and personally identifiable information. If this does not scare you already, take a look at some numbers that Paul Caiazzo, principal of TruShield Security Services, has revealed about cybersecurity:
- 210 Days: Average amount of time it takes a company to realize they’ve been breached
- 4 out of 5: Number of companies unaware of a breach until notified by law enforcement
- $3.79 Million: Average cost of a single data breach
- 9%: Percentage of companies satisfied with their current incident response capabilities