There is a reason you hear about major cyberattacks so often. They happen more frequently than they used to! And when they occur, the damage is now worse. They either affect bigger groups of people, or small groups in bigger ways.
One report found that in 2017 there was a 164 percent increase in data breaches over 2016. And between breaches at Equifax, Yahoo, and other large outlets, almost everyone is a victim. Cybercrime is one of the greatest threats of modern life. So why do we ignore it so much? And why are businesses still so lax about cybersecurity?
The Shortsighted Response to Cybersecurity
A separate report revealed that in spite of widespread cyberattacks, companies remain highly vulnerable. The research showed that 46 percent of security professionals rarely change their defense strategies. More alarmingly, this was true even after a cyberattack.
In any other context, this would seem outrageous. Imagine a bank being robbed and then deciding to keep the vault unlocked. If a company does not change its security strategy after an attack, it means one thing: it’s entirely vulnerable to a repeat attack.
This is referred to as cyber inertia, the tendency to do what is familiar rather than responsible. Despite all the news coverage about cyberattacks, it’s a common practice. That’s because better defenses are expensive, complex, uncertain, and restrictive. It’s easier to repeat than revise.
This approach is shortsighted for many reasons. Most importantly, it means spending less to secure assets than those assets are really worth. The cost of a data breach could be catastrophic, but companies spend a fraction of that total to protect the data. The true level of risk is misunderstood, which means the real level of security is always inadequate.
Adopting a New Approach to Risk
From a different perspective, it’s understandable that companies haven’t updated security. Recent victims of cyberattacks include major global companies and top defense agencies. It’s easy to conclude that no level of protection is adequate. Hackers will always find another way to breach defenses, even if those defenses are stronger.
There is some truth to that, but it’s shortsighted for a different reason. Companies may never be able to defend against all attacks. That doesn’t mean they can’t effectively manage and mitigate risk. That is why cybersecurity policies and procedures are so important. They help companies minimize the consequences of attacks even if the attacks themselves are unavoidable.
There is a new focus in cybersecurity on response rather than defense. The fact that an attack breaches a network is not the major issue. The worst damage happens when companies can’t identify the problem and resolve it promptly and effectively.
Companies realize they will never be invulnerable to cyberattacks. But they can be largely immune. A combination of plans, policies, and coverage options keeps the damage to a minimum. It also makes the response as speedy and seamless as possible. Finally, it insulates companies from the longest-lasting damages.
It’s time for all companies to reevaluate their cybersecurity. Implementing stronger defenses is probably necessary. But for companies to enjoy true security they must consider all sides of the equation.