This column has explored many angles of the cybersecurity issue in the five years I’ve been writing about it, and though many agents are taking their first steps to address it, some myths stubbornly persist.
MYTH 1: Cyber Attacks Do Not Affect Small Businesses
Many agents still believe that cyberattacks are directed at large companies, despite the well-documented and widely quoted report from Accenture that concluded that 43% of all cyberattacks are aimed at small businesses. More disturbing is the fact that the same report noted that only 14% of those small businesses are prepared to defend themselves. The fact is all businesses operate within a digital ecosystem in which the security weaknesses of one can impact many others. Agents and their small business clients must first understand and then tackle their cybersecurity weaknesses before they are crippled by them.
MYTH 2: Cybersecurity Is an ‘IT’ Issue
Cybersecurity has become a core business survival challenge, not just an “IT” issue for all businesses, regardless of size. Every member of an agency’s staff or those of its clients play a critical role in fending off phishing attacks and mastering other essential practices of cyber hygiene. While it is unfair to paint all IT professionals with the same brush, not all IT firms are equipped to manage today’s cybersecurity challenges, which unfortunately are metastasizing rapidly. The IT mission emphasizes functionality, i.e., keeping everything running smoothly, while the security function focuses on detection and mitigation of data breaches. Cybersecurity requires different skill sets and special certification. Some larger insurance agencies now acknowledge the differences and have split the two functions into separate departments.
MYTH 3: Strong Firewalls Provide Sufficient Protection
Too many agents insist that because they have deployed strong firewalls and immediately apply security patches when announced, they maintain adequate protection. Cybercriminals are always on the hunt for weaknesses wherever possible. Over reliance on a firewall is risky in the same way medieval lords relied exclusively on high castle walls. Once breached, attackers could move at will inside the castle to wreak havoc. Better to have a moat, high walls and two or three sets of gates to thwart attacks. Similarly, cybersecurity professionals say a defense-in-depth model delivers strong protection in which multiple layers of security are deployed, i.e., not just one roadblock but three or four roadblocks so if one fails, three more stand in the way. That’s why the use of multi-factor authentication (MFA) is growing quickly though it is only one of many important tools.
MYTH 4: Prevention and Recovery – Two Sides Of Cybersecurity