Cybersecurity Awareness: Protecting Digital Assets & Personal Info
Recently, headlines have been blaring about the call and text message records from mid-to-late 2022 of tens of millions of AT&T cellphone customers being exposed in a massive data breach. The company attributed the breach to an “illegal download” on a third-party cloud platform, which it became aware of in April, on the heels of an unrelated major data leak.
The news is a stark reminder that cybersecurity remains one of the most significant risks businesses face, with substantial direct and indirect costs. For example, one of the most notorious security breaches occurred over a decade ago when Target incurred $202 million in direct costs, including an $18.5 million settlement. The company also faced high indirect costs, such as reputational damage and decreased revenue. The breach led to a 46% drop in Q4 profits and a 9% drop in stock price over two months. Plus, customer visits and household shopping at Target decreased significantly.
These types of threats persist and continue to evolve. According to IBM's 2023 Cost of a Data Breach report, the average data breach cost in 2023 was $4.45 million, encompassing both direct and indirect costs. Direct costs include measurable expenses such as fines or lawsuits, while indirect costs, like reputational damage, can have long-lasting financial impacts.
For private equity firms managing even small to moderately sized portfolios, a data breach's potential risk and impact can quickly multiply if one or more organizations are affected. As cybersecurity threats continue to grow, businesses must remain vigilant and proactive in protecting their data to mitigate these substantial risks.
How Do Companies Mitigate Cybersecurity Risk?
Mitigating cybersecurity risk requires a multifaceted approach addressing technological and human elements. Here are several key considerations for private equity firms:
Education
Preventing human error is the main step toward mitigating cybersecurity risks, and this starts with effectively educating employees. The 2023 Verizon Data Breach Investigations Report (DBIR) revealed that 74% of all data breaches involved the human element, including errors, privilege misuse, stolen credentials or social engineering tactics like phishing. However, training can significantly impact outcomes.
The 2023 Cybersecurity Attitudes and Behaviors Report found that 94% of respondents altered their behavior following cybersecurity training. Over a third began using multifactor authentication, and half improved their ability to recognize phishing attempts. Although human elements will always be part of any cyber protection program, ensuring that teams have sufficient knowledge and training is an effective starting point for reducing risk.
Here are a few popular employee education tools that can assist your organization:
- KnowBe4: Widely used by over 65,000 companies worldwide, particularly mid-size firms, KnowBe4 is one of the most popular cybersecurity awareness training tools.
- Proofpoint: Well-regarded with a strong marketplace reputation, though some users find this software less intuitive.
- Hoxhunt: This behavior training service offers pricing based on the number of employees and provides strong reporting and benchmarking capabilities.
- Other options include Ninjio, Keepnet Labs, OutThink, and Hacker Rangers.
Proactive Monitoring and Prevention Techniques
It’s important to ensure that your organization applies patches promptly. Without them, systems become more susceptible to cyberattacks, including ransomware, malware, phishing, denial-of-service attacks and data breaches. Regular updates and proactive monitoring can significantly reduce these risks.
A recent example of the risks associated with inadequate software testing occurred when a faulty update from cybersecurity vendor CrowdStrike crippled countless Microsoft Windows computers worldwide. This disruption affected a wide range of sectors, from airline travel to financial institutions. The issue arose because CrowdStrike failed to test the update before deploying it to clients, leading to widespread system crashes.
Cyber Insurance
According to a recent report, cyber insurance costs are decreasing. The decline may be due to two main reasons: more insurers offering coverage (increasing competition) and businesses improving their cybersecurity practices. Investing in cyber insurance can help mitigate financial losses in the event of a breach.
It’s important to note that while some reports indicate a recent overall decrease in cyber insurance costs, prices have surged at very high rates in certain areas. Organizations must thoroughly vet their policies and ensure they maintain adequate coverage to protect against potential risks.
Risk Assessment and Validation of Cyber Posture
Organizations should conduct annual risk assessments to validate their overall cyber posture. External penetration testing and SOC 2 compliance offer independent assurance of sufficient IT controls. SOC 2 ensures internal security, can reduce compliance costs, and can serve as a sales tool for attracting larger, more mature customers. We will explore this aspect further in our next article.
Next Steps
If your organization needs cybersecurity help, our professionals stand ready to assist. Connect with us today to ensure your data remains secure and protected.
Copyright © 2024, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.
CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly traded and privately held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).