2023 was the most devastating year yet for ransomware attacks, with businesses forking over $1 billion in ransom payments for the first time ever – and 2024 is expected to be even worse. Beyond the payments, the average cost of each ransomware attack last year was over $5 million. Given these unprecedented statistics, ransomware attacks could be the largest looming threat to your business in 2024. This Insight provides a clear five-step plan to help you lower the odds of falling prey to a costly attack.
The Basics
1. Provide Updated Cybersecurity Training
You should provide updated and robust cybersecurity training to all your employees (including very busy executives) on an annual basis. According to the 2023 Cost of Data Breach Report (CODBR), phishing and compromised credentials were the most common initial attack vectors for data breaches, demonstrating that threat actors still count on a shortfall in employee oversight to gain access to valuable, confidential data.
The latest data from the CODBR also suggests that cybersecurity training is a wise investment for employers. In 2023, organizations with a high level of employee training that suffered a data breach incurred a significantly lower-than-average cost in managing and responding to the incident – on average, data breaches cost $770,000 less for organizations with a high level of employee training and $640,000 more for organizations with low levels of employee training.
This data underscores the importance of ensuring that all employees with access to sensitive data are familiar with the basic principles of data security. Make sure to train them to understand the red flags that will help them detect phishing emails and other common tactics used to compromise credentials.
2. Maintain and Test Your Incident Response Plan
Create, maintain, and exercise a data security incident response plan (which addresses all data security incidents, not just those rising to the level of a reportable data breach under applicable law), resiliency plan, and associated communications plan. The response plan should include response and notification procedures for ransomware incidents. You should also ensure that your incident response plan is regularly tested and updated, as cyberthreats are quickly evolving. Engage in what is called a “table-top exercise” at least annually, which is like a fire drill but for data security.
According to the 2023 CODBR, employers who maintained an incident response team and plan were able to identify and contain data breaches an average of 54 days (19.4%) faster than employers who did not maintain an incident response strategy. Lower identification and containment times provably lower the cost of a potential breach: breaches with identification and containment times under 200 days cost organizations 23% less in 2023 than breaches that took longer to identify and contain.
Do you know how vulnerable your organization is to a cyberattack? How do you rank against others like you? Do you have critical risks you should address immediately?
Manufacturers continue to be a top target for hackers. Through GMA’s partnership with the National Association of Manufacturers (NAM), we offer an exclusive cyber insurance and risk management product designed specifically for manufacturers and their needs – NAM Cyber Cover.
NAM Cyber Cover proactively helps you avoid large losses due to a cyber incident and reassure industry partners that your company is protected by offering a complimentary cyber risk assessment (CRA) based on publicly available data.
Manage Your Risks
Respond Quickly
Mitigate the Severity
Recover from an Attack