The Expert Podcast

The cyber risk landscape is getting scarier, so everywhere you look, whether it's in the insurance industry, the risk industry, the IT industry, or even the corporate finance industry, the predictions for 2023 for hacking, cyber risk, and cyber losses are ringing the alarm bell. Everybody's saying that this is going to be the year of catastrophic losses for businesses, government agencies, hospitals, especially infrastructure, but even small businesses because hackers look for the weakest link, the easiest opportunity. It may seem more lucrative to hit a large company or a government agency for a million or two million dollars, but they probably have stronger defenses. Smaller companies may not have the budget to put in place proper protocols for cyber defense. You might have an IT person, and they might put up some spam filters, firewalls, or VPNs, but they're not going to put in place the kind of defenses that large-scale hackers deploy to break into networks. And they don't even have to break into your network; they could break into your clients' network that connects to yours for inventory or maybe connect to your accounting software to get into your network. Even some suppliers you have probably connected to your network to give updates on invoicing or billing. Once they're into your network, it's really simple for them to just lock it all down and send you an email: "Hey, look, send us 30 grand in crypto and we'll unlock your files; send us 50 grand in crypto." And the dollar amounts might be smaller than hitting up a government agency for two million dollars, but it's a lot easier to break into smaller companies because there's not the same defense mechanisms, and they can do more of these. It's a numbers game, right? And in the meantime, while you're trying to figure out what to do, if you're out of business even for three or four days and you can't get a hold of your customers because your email's down or you don't have your accounts receivable files or you don't have your manufacturing files, that's going to cause a big disruption in your company. In fact, the disruption might cost you more than the ransom that they demand, even if they restore your files. You're also going to have problems with customer loyalty. If they can't get a hold of you, they might have to go somewhere else, and you might lose customers. You might have employee dissatisfaction. So preventing this is a snowball effect—a domino effect of consequences that can hit you. So whether or not you put this defense in place from the standpoint of IT and have very highly qualified IT people, maybe an outside consultant, or you put your protection in place with risk management like an insurance policy or a cyber liability insurance policy, many times that policy will give you the instructions you need to put in your defense mechanisms. Look, the insurance companies know what the risks are; they know how hackers infiltrate small companies, so they're going to have experience with hundreds of claims that they've paid, and they don't want to pay again. So they're going to tell you what procedures to put in place in your company, and they'll tell your IT department what to do with your network to protect it properly. And then, of course, if you do have a problem, then you have insurance to cover whatever the losses are. Make sure your policy covers the losses you want them to. If you have even a small organization, look! We see organizations that have a hundred or two hundred thousand dollars in revenue every year, and they're worried about a loss. You know, there's policies out there that are five, six hundred bucks a year for cyber liability, and you probably pay more than that for personal injury or professional liability or even physical damage on your premises, premises liability for slip and fall, that kind of thing. So whatever you want to do to protect yourself, be aware that 2023 is predicted to be the year of major cybercatastrophies. Look, a year from now, we can look back and see if that was true or not. Who knows? But we're seeing these predictions from a lot of sources. Here's one from the security industry; we've seen it from the insurance industry; we even see it from the government from InfraGard telling us the same thing. So be aware of the risks in your company and whether or not you want to try to prevent them or be protected from the losses.