Convinced a cyberattack is looming, many employers still don't prepare
Many companies think experiencing a security cyberattack is inevitable, but a majority aren't taking adequate steps to protect themselves.
That's the main finding of a new report from insurance firm The Travelers Companies, which found that more than half (52%) of respondents think suffering an attack is inevitable. The firm commissioned Hart Research to conduct a national online survey of 1,201 business decision makers in June 2018.
Despite this, 55% of employers haven't completed a cyber risk assessment for their businesses; 62% haven't developed a business continuity plan; 63% haven’t completed a cyber risk assessment on vendors who have access to their data; and 50% do not purchase cyber insurance.
“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations,” says Tim Francis, enterprise cyber lead at Travelers. “These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyberattack.”
The number of attacks on company computer systems is on the rise: The average number of security breaches per year increased by 27.4% in 2017, according to Accenture.
Human resource departments can — and need to — play a key role in preventing company cyberattacks, experts recently told EBN. Educating employees about cybersecurity is a big part of that.
For example, Kristie Evans, president of HR consulting firm HRPMO, says HR leaders should regularly remind employees to change their passwords to reduce cyberattack risk. A solid employee training program about preventing a cyberattack should also be in place.
HR executives “need to not only pay attention to what is being said to an employee during orientation, they need to have some type of interaction with employees on a regular basis,” Evans says.
With additional reporting from Caroline Hroncich.