I heard recently from someone who really nailed it on how to think about cyber crime. Most of our customers and people I talk to dismiss the importance of protecting themselves and their businesses from cyber criminals. They tend to think that the banks and the credit card companies take all the risk and even if they are the victim of cyber crimes, what’s the worst that can happen?
Think of it this way: If you were the victim of a cyber crime (account hacking, card skimming, ID theft, etc.) how much would you pay to undo the crime?
Puts this in a different perspective doesn’t it? You really don’t want to be exposed. This is a real threat and growing with time. See the following statistics from the US Department of Justice:
In 2005, among 7,818 businesses –
- 67% detected at least one cybercrime.
- Nearly 60% detected one or more types of cyber attack.
- 11% detected cyber theft.
- 24% detected other computer security incidents.
- Most businesses did not report cyber attacks to law enforcement authorities.
- The majority of victimized businesses (86%) detected multiple incidents, with half of these (43%) detecting 10 or more incidents during the year.
- Approximately 68% of the victims of cyber theft sustained monetary loss of $10,000 or more. By comparison, 34% of the businesses detecting cyber attacks and 31% of businesses detecting other computer security incidents lost more than $10,000.
- System downtime lasted between 1 and 24 hours for half of the businesses and more than 24 hours for a third of businesses detecting cyber attacks or other computer security incidents.
Note, the above is from 2005! It is far more prevalent today because its lucrative for the criminals. They have a more promising career as a hacker than they do as a law-abiding worker (until they get caught).
The costs are far more significant than one might think. Consider the following direct quote from PROPERTYCASUALTY360:
“The average per-breach cost for legal fees is $690,000, while for larger companies the breach claims cost can amount to $3 million per event or more. That per-breach estimate is skewed toward the amount of information stolen from healthcare and small to mid-size companies, Greisiger added, but companies without insurance can expect to pay significantly more, primarily because they generally don’t have instant access to the various experts (that is, the “tiger team” with pre-negotiated rates) needed to mitigate the breach in a timely manner after it occurs.”
Protect yourself from the costs of dealing with cyber crime. We do.