It's worth the cost.
By Anne Freedman, senior editor of Risk & Insurance®
It's all fine and good to take the noble position that blackmail won't be paid, but when your organization finds itself locked out of its own website or internal files and is unable to transact business, good intentions should go out the window.
It doesn't matter how strong or effective cyber protection has become, it's not effective enough. Every organization -- even the biggest and wealthiest institution -- is vulnerable. Paying protection may be distasteful, but the end result is worth it.
When even Fortune 500 companies and specialized technology organizations such as Spamhaus are knocked offline by dedicated denial-of-service attacks or cyber-attacks, all businesses should be wary.
There were nearly 1.4 billion cyber-attacks just in the first three months of 2012, according to security vendor Symantec. Two in five of them were targeted at companies with 500 or fewer employees.
Cyberterrorists often are sophisticated hackers. But even if an organization is victimized by a disgruntled employee, the results will be the same.
Operations will be shut down. Revenues will be lost. Customers will be annoyed, or worried. Intellectual property will be at risk.
Who knows what information will be stolen? Data breaches can be enormously expensive. Organizations must notify customers and help make them whole. That usually entails call centers and identification-protection services, and sometimes it results in fines or penalties from state or federal governments.
The Ponemon Institute reported that the cost to a company of a single individual's customer data being exposed is $194. That could quickly add up to millions, depending on the number of customers affected.
All businesses are vulnerable, and small businesses are the most vulnerable.
Smaller organizations can't afford to be victimized by an attack. They can't afford to be offline for hours or days. They can't afford to lose that business. They can't afford to lose their customer data or expose themselves to reputational risk when the hack is publicized.
They have no choice: Pay or go out of business.
It's better to pay.
May 1, 2013
Copyright 2013© LRP Publications