Cybersecurity Awareness Month 2022 — Data, Data, Goose!

Frightening Cybersecurity Stats to Know

Did you know that the average ransom demand has recently jumped by 20% to $1.8 million? If that wasn’t scary enough, a new business falls victim to ransomware every 11 seconds. And further still, around 40% of ransomware victims end up paying the ransom. But we’ve got ransomware on our brain. There’s far more to the cybersecurity story than that!

See how well you fare at our Cybersecurity Stats of 2022 quiz if you’re feeling brave. For now, here are some more frightening cybersecurity stats to know — and we’ve counted them down from shocking to scary:

10. Roughly 65% of companies have more than 500 employees who are never prompted to change their passwords.

9. At any given moment each week, malware infects more than 18 million websites.

8. Around half of all phishing sites now use HTTPS.

7. Email delivers 92% of all malware.

6. A malware attack costs companies an average of $2.4 million per attack.

5. When malware hit businesses this year, it took 34% of them a week or more to regain access to their data.

4. Of all the organizations who pay the ransom, only 30% ever see all of those dollars again.

3. Nearly 25% of the c-suite is willing to pay at least $20,000 and up to $50,000 to regain access to encrypted data.

2. Downtime due to ransomware costs companies around $8,500 per hour.

1. Businesses spend more than $75 billion each year dealing with ransomware costs.

Interesting Data Quotes and One-Liners

Cybersecurity is undoubtedly a serious topic that we don’t mess around with. However, amid all the risk management talk, it’s nice to give data center stage under a different, less protective light. Here are some nuggets to consider:

• “There were five exabytes of information created between the dawn of civilization through 2003, but that much information is now created every two days.” – Eric Schmidt, Executive Chairman at Google
• “No data is clean, but most is useful.” – Dean Abbott, Co-founder and Chief Data Scientist at SmarterHQ
• “Data is like garbage. You’d better know what you are going to do with it before you collect it.” – Mark Twain
• “Data analytics is the future, and the future is NOW! Every mouse click, keyboard button press, swipe or tap is used to shape business decisions. Everything is about data these days. Data is information, and information is power.” – Radi, Data Analyst at CENTOGENE
• “Where there is data smoke, there is business fire.” – Thomas Redman, aka “the Data Doc”

Here’s the Skinny on Cyber Liability

While cybersecurity has been on our radar for years, not only during cybersecurity awareness month, Business Wire reports that cyber threats have increased 81% globally during COVID-19. Small businesses were among the hardest hit, with remote and hybrid work arrangements adding complexities to an already muddied landscape. Hackers and bad actors didn’t wait long before pouncing on anything that appeared slightly vulnerable to attacks.

Where Cyber Liability and D&O Meet

Unsurprisingly, directors and officers of all-size companies felt increased pressure to protect their cyber real estate. And for a good reason, too. For example, a shareholder’s suit may hit company leaders incredibly hard if a data breach occurred, thus utilizing D&O insurance for cyber claims. We expect this type of litigation to continue in the future — but let’s examine each policy further:

• Cyber liability: Cyber liability insurance protects companies from third-party lawsuits relating to electric activities (i.e., phishing scams). Plus, it offers many recovery benefits, supporting data restoration and reimbursement for income lost and payroll spent.
• D&O: Shareholders, competitors, investors, etc., can sue a company’s directors and officers, putting their personal assets at stake. Directors and officers (D&O) insurance protects these assets from lawsuits alleging leaders of wrongful acts managing the business.

Customer Success Manager Rachel Jenkins explains the concept in this year’s cyber liability trends report, “We are starting to see more, still limited but increasing, cyber claims bleed into D&O through shareholder litigation as there is an increased fiduciary duty on the C-suite to maintain proper cyber controls through regulation and industry requirements.”

What Companies Do for Cybersecurity Awareness Month

Amid other holiday activities and preparation, company leaders will also (hopefully) spotlight cybersecurity. Here’s what we see many cyber-aware companies doing:

Renew their commitment to fostering a healthy cybersecurity culture.

Although directors and officers feel more pressure to protect their company’s digital assets, the buck doesn’t stop there. Employees also carry some responsibility. Nurturing a healthy cybersecurity culture means ongoing employee education, password change reminders, and allowing employees to carry some weight regarding data protection.

Update software and participate in multi-factor authentication.

It’s tough to keep up with software updates, yet, it could be the one link that holds off an attack. It wouldn’t be the first time a cybercriminal targeted a business with outdated software and succeeded, after all. We encourage you to listen to the update prompts from your programs or a trusted IT professional and participate in multi-factor authentication. The more barriers for hackers, the better.

Adopt a zero-tolerance policy.

Netflix recently featured an original documentary following a group of cryptocurrency investigators solving a haunting case. Strangely enough, the title is Trust No One: The Hunt for the Crypto King. Adopting a zero-tolerance policy is doing just that: trust no one. Instead of assuming your emails or other platform communications are valid, second guess anything that raises suspicion.

Review cyber liability insurance with a broker.

Commercial insurance brokers have specific roles: they represent the buyer, examining several insurance solutions to find the most customized fit for your company’s needs. Working with a seasoned broker is vital for your coverage to keep pace with your progress. During cybersecurity awareness month is an excellent time to have a meaningful conversation with your broker.

Not sure what your commercial insurance broker should be doing? We have the answers here: What’s the Role of a Commercial Insurance Broker?

Develop a disaster recovery plan.

Founder Shield’s General Manager Jonathan Selby said it best, “It’s not if a cyberattack will happen; it’s when.” As a result of these developing vulnerabilities, companies must have a disaster recovery plan. Rebounding isn’t merely recovering digital records. Instead, it often involved reputational mending, notification and monitoring expenses, reimbursement for income lost, etc. Companies must be ready for a comeback.

What Companies Should Do Every Month

See above.

No, really — we mean it! With cyber liability and D&O claims overlapping and snowballing into costly litigation, not to mention the recent cybercrime activity, now is the time to prioritize data protection and cybersecurity. Priorities during cybersecurity awareness month should be regular habits. In other words, when it comes to a game of Data, Data, Goose, we work hard to keep you from being the goose.

Understanding the details of what coverage your company needs can be confusing. Founder Shield specializes in knowing the risks your industry faces to make sure you have adequate protection. Feel free to reach out to us, and we’ll walk you through the process of finding the right policy for you.

Insurance Rebuilt, End-to-End

We've supported startups from stealth mode to huge funding rounds.

Get a Custom Quote