Have you ever thought about how much your business could lose if hackers went after you? What if all your software – including valuable client records – went haywire because of malware?
According to the IBM/Ponemon Institute’s Cost of Data Breach study for Australia, the average cost of a data breach is $2.64 million. Broken down, that’s $142 per lost or stolen record. The good news is that costs are going down, especially in industries where information security is closely regulated. But $142 per record – not to mention the losses that don’t occur in the same year, such as churn – is still unacceptable. Customers and clients also deserve to be able to rely on businesses to keep their info safe.
To protect against this very real risk of financial loss, many organisations seek cyber insurance. As the name suggests, this type of insurance pays out a specific amount in instances such as a data breach, malicious hack or business interruption from malware. Unfortunately, organisations without risk management measures in place may find their premiums are expensive and their policies limited – if they can get coverage in the first place.
Education – your first line of defence
Insurance companies don’t just issue policies willy-nilly. Nor do they hand out cheques, no questions asked, when it’s time to make a claim. Rather, most insurers have strict requirements to do with implementing best practice and mitigating the risk of a cyber-attack.
There are a couple of main things insurers look for. One is threat assessment: expert reports (plus regular reviews) on the kinds of risks that a business faces, given characteristics such as size, location, transaction locations, industry, IT infrastructure and more. This might even involve testing by ‘ethical hackers’ to determine weak points. The other main thing is employee education.
Regardless of the size of your organisation, it’s not enough to have one person (or a team) with dedicated cyber security responsibilities. Every single person needs to be involved in protecting against risks, especially threats like social engineering or phishing. Education is the key here to making sure everyone is (to borrow from the old national security ads) alert, but not alarmed. First, employees need to know what the risks are, and what to look out for. Then they need to be equipped with the right information to make smart decisions at every critical juncture.
There’s some good news out of that Ponemon report. Employee training was one of the top three impact factors when it came to reducing the per capita cost of a data breach. Specifically, it cuts around $10.30 from that aforementioned $142 per record cost. It also turns out that hindsight is 20/20 when it comes to the preventative power of employee security education. Training is the second most common solution that’s implemented by major organisations after a data breach.
An education solution that’s as agile as you are
Online-only information security training is a cost-effective way to make sure all of your people are up to speed as soon as possible. Because it’s flexible, it’s easy to roll out without causing major business disruption. Alternatively, you can include it in your onboarding process. Money101’s introductory training is suitable for employees from a wide range of different backgrounds and roles. Cyber insurance isn’t the cure-all many people think it is. Explore what’s included in Introduction to Information Security today, and take that critical first step towards protecting your organisation.