Businesses that successfully respond to and quickly recover from these events routinely test their response protocols and train employees. Luck favors the prepared, and investments in cybersecurity will pay dividends with recovery efforts.
2.) COMMUNICATION
Especially when customers are personally or professionally impacted by an event, transparent communication will be vital to retaining trust and continued business. Moreover, applicable state and federal requirements specify certain disclosures and government reporting of cyber incidents.
Cyberattacks can be complex and difficult to resolve as fast as the public may like, so even if a business cannot share sensitive details in the short term, it can communicate about its processes and controls. Is an investigation in process? What is the company doing to prevent further harm? How will customers be affected, and how will they be compensated for any losses? This is a chance to explain how the business is proactively rectifying the situation. Having an at-the-ready communications plan will accelerate the recovery and limit reputational damage.
3.) REPAIR
It’s the most important piece of the process — solving the problem. If there is a data breach, the company’s IT team or vendor should have preexisting protocols to contain it and mitigate immediate damage. For example, employee passwords may need to be reset, affected internal systems rebooted and the customer base informed of any steps they will be required to take.
If it’s a ransomware event and systems fail, it may take weeks or months to determine critical data loss, and even if the ransom is paid, there is no guarantee all the data will be returned, unencrypted or made available. Consider the “3-2-1 rule”: three different immutable copies of important data, with two different storage means (e.g., cloud vs. tape), and one copy held offsite or offline.
Law enforcement also plays a role in the process. Contact the authorities as soon as the breach is identified because cybercrime experts can assist in resolving the situation and perhaps identifying the fraudster(s).
4.) THE AFTERMATH
When a cybersecurity incident is in the rearview mirror, it should not be totally out of sight. Consider what security deficiencies led to the issue. Quite often, it is human error that stems from lack of training. In other cases, a business’ internal safeguards are not adequate. Make no mistake, “lightning” can strike twice, as once a business is a target, its vulnerabilities are often served up online to other bad actors for a price. Prompt and focused action is a priority.
In the aftermath, it is incumbent on leadership to audit security measures, determine what can be done to enhance them and take steps to do so. Additionally, businesses with a cyber liability insurance policy in place will have the benefits of a team of experts to guide the recovery (see sidebar for more).
As costly as cybercrime can be — and not only financially — it need not be fatal to a business. Active planning and transparency can help salvage a reputation and prevent even worse outcomes.
**A TOOL TO PREP FOR THE WORST**
In parallel with the rise of cybercrime, cyber liability insurance is now commonplace for organizations that are responsible for large amounts of sensitive data. These policies, be they individual or bundled with other insurance products, can be a lifesaver in the event of a breach or damaging cyberattack.
Depending on the terms of a policy, cyber liability insurance can reimburse significant expenses in the wake of an attack, such as notification and credit monitoring costs, regulatory fines and losses from identity theft. Insurance carrier partners also can take on the legal liability of the attack and offer comprehensive cybersecurity risk management advice.
All businesses are at a heightened risk for a cyberattack and fraud. Company size, type of information stored and revenues are often irrelevant as to how targets are found. Even businesses that do not house sensitive data are still at risk of being locked out of their systems with their operations interrupted, resulting in lost revenue. It’s never too soon to reach out to an insurance broker and identify the best policy for a business’ unique operational needs.
FNB provides an array of products aimed at fraud prevention, such as Positive Pay and ACH Debit Filter treasury management services. FNB’s insurance subsidiary, First National Insurance Agency, diagnoses risk factors and connects customers with more unique solutions, including cyber liability policies. Visit fnb-online.com/protect-your-business to learn more.
Additionally, FNB’s insurance experts recently hosted a free webinar, “Cybersecurity Threats that Put Your Business at Risk.” To view the presentation on demand, click on the provided weblink.