At the end of the day, the buck starts and stops with the CEO. We’re the final risk manager, and regardless of whether we run a bank, construction company, law firm, farm, nonprofit charitable organization, or public agency, this is one of the biggest risks we face. Ignoring cyber risk is a critical error that will likely result in a painful and expensive outcome.
Let’s face it: We do our best to manage and control our businesses, but cybercriminals know they can penetrate our information security defenses through our vendors (particularly those in the software supply chain), our customers, and our employees when they let down their guard.
We need to think about what’s at stake. A cyberattack can cost us time, focus, and money, but it also can lead to lost customers, a damaged reputation, and even regulatory scrutiny. In its 2023 report, IBM estimated the average cost of a data breach at $4.45 million. In the U.S., it’s twice that. And the average time to identify and contain the breach was 277 days. Who has that time to spare?
No wonder this issue keeps me up at night—it represents a risk for the business that I run, but also a risk for all our clients.
At River City Bank we instill a business culture that teaches our staff to be hypervigilant about cybersecurity, while recognizing that mistakes can, and will, happen. In fact, the Verizon report found that 19% of data breaches were due to “internal actors,” meaning our own people or contractors, either intentionally or through error.
If your business does not conduct regular cyber training for your staff, you’re putting your company in danger. Educated workers are less likely to click on a suspicious link or use a password that is easy to hack, and, thus, mistakenly put your life’s work in someone else’s hands.
Every business, no matter the size, needs to understand cybersecurity best practices and use them to minimize losses if an attack happens. Have a business continuity plan in place, and make sure your critical data is backed up and encrypted. Build defensible space throughout your IT network to limit the damage from malware that has taken advantage of a vulnerability in your network. These suggestions, as well as other ways to safeguard your company, are why we developed this cybersecurity overview for our customers.
Last, when all else fails, don’t forget about the benefits of cyber-risk insurance coverage. The cost of this insurance is rising due to the success of the cybercriminals. But ask yourself if you can afford a massive loss from a cyberattack.