While Fortune 500 companies and other large businesses are on the ball when it comes to minimizing cyber risk, smaller companies don’t feel the same urgency, according to a report by Willis North America .
According to the report, 22% of Fortune 501-1000 companies have taken no stance or issued any public statement on cyber risk. Comparatively, only 12% of Fortune 500 companies remain silent.
That complacency could be disastrous as cyber-attacks are increasing — especially against smaller businesses.
“This is concerning because the view that firms may see themselves as less likely targets of an attack runs contrary to our experience, and in fact, many of these firms are sitting at the center of the bull’s-eye,” said Ann Longmore, Willis’ executive vice president of FINEX.
According to the Ponemon Institute, the average cost of a data breach is $188 per compromised record. To a small business, that price could be a death sentence.
Meanwhile, insurance companies are attempting to convince clients cyber insurance is an important investment. To plush out plans and attract potential policyholders, the Chubb Corp. is offering cyber liability insurance customers an incident response plan through its risk management platform.
The plan helps clients collect and maintain important employee and customer information, including health care records, Social Security numbers, debit and credit card numbers, and financial information. In the event of a breach, clients have a reliable resource for retrieving lost data.
Ken Goldstein, vice president and worldwide cyber security manager for Chubb, said this incident response plan will especially aid small businesses.
“Many small businesses may not have the resources or expertise to develop such a plan, leaving them exposed to the disruption of a data breach, and costly first-party expenses, legal ramifications, and regulatory fines and penalties,” Goldstein said.
Incident response plans like Chubb’s are believed to help reduce per-record costs of data breaches by up to $42 per record, the Ponemon Institute study estimates.
According to the Willis report, industries most concerned about cyber risk include health care, technology, insurance, life science and retail. The real estate, financial services, and energy and mining sectors are among the least concerned.
