More than 400 companies are targeted for business email compromise each day (Symantec)

Around 50% of small businesses have experienced a ‘cyber attack’.*

More than 70% of attacks target small businesses.*

More than 75% of employees leave their computers unsecured.*

Over 60% of small companies go out of business within six months of a cyber attack*

* National Cyber Security Alliance

Home Depot agreed to a $19.5 million data-breach class action settlement after a data breach that exposed up to 56 million credit and debit cards (and 53 million customers’ email information). The pre-tax cost of the breach is $161 million, according to Home Depot’s filings.

Negligence is the No. 1 cause of action in data breach lawsuits, and what is ‘reasonable’ continues to evolve as threats change. Roughly 5% of public data breaches result in class-action litigation, with multiple lawsuits filed against the largest and most publicized defendants.

Cyber attacks were concentrated in five industry sectors: business (50.5 percent), medical/healthcare (28.3 percent), educational (8.8 percent), banking/credit/financial (7.1 percent) and government/military (5.3 percent).

Who was affected personally? Almost everyone. A massive Dark Web database of 1.4 billion email addresses, usernames and passwords was discovered in December of 2017. The database includes passwords from large companies like LinkedIn, Netflix, Gmail and PayPal.

A single breach of data analytics company Alteryx exposed sensitive information for 123 million U.S. households.  According to the U.S. Census Bureau, there were about 125.8 million U.S. households.

Who needs Cybersecurity?

* Organizations that process credit cards and must meet PCI Data Security Standards
* Organizations that must abide by HIPAA/HITECH
* Federal contractors under NIST 800-53, NIST 800-171, FISMA, FedRAMP, ITAR, DFARS, CMMC and others
* Financial institutions under the Gramm-Leach-Bliley (GLBA), the Financial Services Modernization Act, Sarbanes-Oxley (SOX)
* Any organization that maintains Personally Identifiable Information (PII) of staff or clients that fall under state privacy laws

It is crucial that business owners recognize their own competence limitations regarding computer security measures and take the necessary time and energy to become competent or consult available experts in the field.

While many small businesses are concerned about cyber attacks (58%), more than half (51%) are not allocating any budget at all to risk mitigation.

In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429.

What is the cost of keeping your business in business?

What is the price you pay for business insurance going to do for you in the event of a cyber attack and breach?

How long will you be in business  after a reported breach?

How much do you spend on coffee each month?

What is the cost of NOT protecting your business?