Today's workplace is increasingly data and technology driven. Remote work and access to business emails on personal phones have provided greater flexibility and convenience for businesses and their employees. Along with this, the amount of personal data on business' data networks and cloud-based storage has skyrocketed. While increased access to technology creates great opportunity for businesses, it also poses a higher risk for network breaches that continue to rise in frequency and severity.
Ransomware attacks, which happen when hackers seize control of a person's or business's data and demand payment to restore access, were up 13% in 2022. This is an increase equal to the past five years combined.1 Additionally, 83% of organizations experienced more than one data breach during the same year.2
Matthew Magner, head of specialty cyber underwriting at The Hartford, explained the gravity a cyber threat can have on a business. “If cyber criminals are able to access a network, they can shut down a business, sometimes [permanently].”
With the global cost of cybercrime expected to top $8 trillion in 2023, network security and cyber insurance coverages have become top of mind for business leaders.3 These concerns have created a greater need for network scanning to detect vulnerabilities and potential cyber threats.
Detecting Network Vulnerabilities
Detecting network vulnerabilities is the first step to protect a business from cyber threats. Magner compares network scans to the protection of a home. “When you approach a house, you see the doors and windows, or all the potential places to enter the home. A network scan can detect entry points – essentially the doors and windows – that a company has exposed to the internet.”
Vulnerability scanning can help businesses understand what parts of their network are exposed to the internet, what software is outdated or no longer supported and how secure their email is. For example, computers, printers, Wi-Fi networks, software programs, websites and email servers are all potential entry points. Scanning can detect flaws in these devices and programs that cybercriminals can access and manipulate.
The Costs of Network Vulnerability
A data breach can have a significant financial impact on a business. In 2022, the average cost of a breach in the U.S. was $9.4 million, which is more than double the global average. Particularly, smaller businesses have been the number one target and represent 43% of all data breaches.4
The costs of a vulnerable network can also extend beyond the initial financial fallout. A network attack’s effects can cascade through a company's supply chain, causing up to 26 times the loss for a business’s ecosystem.5 Additionally, breaches can affect a company's credit rating, borrowing costs and insurance premiums.
Calculating the Risks
Not having sufficient network protection can cripple a business. Despite the prevalence of network threats, many organizations underestimate their cyber exposure and fail to safeguard against those risks by upgrading their network security or getting cyber insurance coverage. Currently, damage from cyberattacks will amount to about $10.5 trillion annually by 2025.6
Part of the challenge is that many companies assume their business, or industry, is too small to be targeted by network hackers. “Perhaps their industry is not rich in personal data, so the companies assume [a cyberattack] won’t happen to them,” Magner said. Smaller companies often have fewer resources, particularly amid inflation, so they could be more likely to be targeted.
The Value of Expertise and Standard Practices
It’s important that businesses of all sizes work with network security subject matter experts. “Working with an experienced panel of professionals with deep cyber and breach expertise can help businesses ensure their networks are protected and help them prepare an incident response process,” Magner explained.
As cyber risks and potential insurance payouts increase, carriers are becoming more stringent in their underwriting of cyber coverages. Consistent and quality scanning is an essential component to qualify for, and maintain, cyber protection.
While scans help businesses and insurers assess gaps or shortfalls in network security, there are additional important, ongoing steps that businesses can take to qualify for cyber coverage. Multifactor authentication, where a user inputs two or more pieces of information to verify their identity, is among the minimum security measure requirements for securing cyber insurance.
As automated technologies continue to evolve, businesses must continually invest in protecting their networks and educating employees through training and testing. “You can have the best [network security] controls and software in place, but an employee can make a decision in response to a [hacker's] email that could cost the organization,” Magner said.
In a digital world, cyber risks will persist, but network scanning, security measures and employee training can help ensure businesses stay protected.
Visite thehartford.com/cyber to learn more about our cyber offering and our CyberChoice First Responders.
1,2 “Data Breach Investigations Report,” Verizon, July 2023
3 “Cybersecurity Trends & Statistics For 2023; What You Need To Know,” Forbes, March 2023
4 “Is your front door open and unlocked for cyber criminals?,” Verizon, July 2023
5 “The Devastating Business Impacts of a Cyber Breach,” Harvard Business Review, May 2023
6 “New survey reveals $2 trillion market opportunity for cybersecurity technology and service providers,” McKinsey & Company, October 2022
La información proporcionada en estos materiales brinda información general y de asesoría. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of August 2023.