Companies remain exposed, unprotected from cyberthreats

This piece is presented by Howalt+McDowell Insurance, a Marsh & McLennan Agency LLC company.

By Jared Ducommun

It can happen to anyone.

Recent incidents of data security breaches have prompted businesses and individuals to be more vigilant about protecting sensitive information. From the WannaCry cyberattack to malicious infiltrations by hackers and innocent errors made by employees, cyber risk has become an enterprisewide concern for businesses of all sizes. Despite this heightened awareness, many companies remain exposed, unprotected and uncertain about what steps to take.

What can you do to protect your data?

Being prepared to effectively deal with a data breach is important to all organizations, but small and midsized firms are the most likely to be forced out of business because of fallout from a security breach. But what does “being prepared” look like?

If you outsource functions that can put you at risk such as credit card processing, handling payroll, doing billing, administering employee benefits, accounting/tax services, processing banking information, background checks, credit checks or even simply doing business in the cloud, you need to take preventive measures:

  • Analyze your vendors’ financial strength.
  • Require all vendors to carry proper insurance, ensure proper type and proper verification.
  • Have contracts in place with all vendors that include a clear understanding of the limitations on liability and indemnification provisions.
  • Create and maintain a corporate recovery plan, including customer communications.
  • Invest in security systems.
  • Develop security protocols for adding new vendors or for when vendors update software.
  • Conduct regular data backups and store data securely off-network and off-line.
  • Train employees to recognize and avoid social engineering.
  • Review password-protection protocols.
  • Discuss cybersecurity at the executive level.
  • Regularly test security measures.
  • Review your cyber insurance policies regularly.

Remember, a cyberattack doesn’t necessarily have to be on the scale of drawing national attention to be harmful to your business and your stakeholders. Computer viruses, phishing expeditions, ransomware, unauthorized access to your stored information and many other forms of cyber events, including routine mistakes or negligence by employees, can and should be covered by your protection protocols as well as your cyber liability insurance.

What kind of insurance is the right kind?

Preventive measures and having the right plan in place are your primary tools to weather a cyberattack. But insurance ultimately plays a role in ensuring that your operations are able to continue without undue interruption and that any damages to your organization and your customers can be made whole.

Make certain that whatever insurance you invest in provides:

  • A comprehensive program that includes a sophisticated response team and support.
  • Investigation support – forensic specialists who will determine if and how and the extent to which a breach occurred.
  • Methods to mitigate potential harm, including protecting your directors and officers from personal liability.
  • Coverage for the theft of information in any format, electronic or otherwise.

Marsh & McLennan Agency’s annual cyber risk surveys have regularly pointed out that the majority of small and midsize employers do not have any cyber liability protection in place. At the same time, more than 80 percent of them report being exposed to at least five of the key cyber risks and 60 percent have no disaster recovery plan in place.

The sooner you make cybersecurity a priority, the more protected your organization will be.

And the less any future attacks will cost you.

Make cybersecurity a priority.

For more information about cyberattacks, the risks involved and being prepared to handle the fall-out, watch for our 2017 Cyber Risk Survey Report due out later this year.

In the meantime, my colleagues and I are available to review your current protection and consult with you on the best way to manage your cyber risk.

Jared Ducommun is a sales executive for Howalt+McDowell Insurance, a Marsh & McLennan Agency LLC company. Jared joined Howalt+McDowell in early 2017. A former sales and marketing manager with a communications company, he has 16 years of experience with internet and network infrastructure. In his role at Howalt+McDowell, he specializes in providing clients with cyber risk solutions. Jared’s business connections and access to the global resources provided by Marsh give him a multitude of resources to tap into in order to respond to ever-evolving cyberthreats. Contact Jared at or 605-339-3874.

Want to stay in the know?

Get our free business news delivered to your inbox.

Companies remain exposed, unprotected from cyberthreats

Despite this heightened awareness of cyberthreats, many companies remain exposed, unprotected and uncertain about what steps to take. Here’s what you need to know.

News Tip

Have a business news item to share with us?

Scroll to top