According to Cybersecurity Ventures, cybercrime will cost the world $6 trillion annually by the year 2021.

That’s trillion with a “T”.

That prediction is almost double the $3 trillion it cost annually in 2015.  According to this source, this is the greatest transfer of economic wealth in history and makes cybercrime more profitable than the global trade of all major illegal drugs combined.

Why Such an Explosive Increase in Cybercrimes?​

​It’s a risk and reward game. Criminals seek the greatest opportunity for making the most money at the lowest possible risk. There has been explosive growth in the usage of the internet since it’s invention in 1989.  It took two years after the internet invention for the first website to go live, however today there are more than 1.2 billion websites.  The evolution of technology has allowed for easier creation and utilization of websites facilitating this explosive growth.

The increase in websites is accelerating internet users. In 2017, it was estimated that 51% of the world’s population of 7 billion was on the internet, that’s approximately 3.8 billion users. Cybersecurity Ventures predicts that there will be 6 billion Internet users by 2022 (75% of the projected world population of 8 billion) — and more than 7.5 billion Internet users by 2030 (90% of the projected world population of 8.5 billion, 6 years of age and older). ​

Unfortunately, the need for cyber security and the understanding of it has not followed the explosive trends and we are vulnerable. Data breaches exposed 4.1 billion  records in the first half of 2019. We’ve all heard about the cyber attacks on large companies such as Equifax, Google, Target and Yahoo but 58% of cyber breaches were from small business (250 or fewer employees).

Our security weakness and lack of education on cyber risk are being exploited every 39 seconds. Hackers are attacking on average of 2,444 per day or every 39 seconds. Billions of users create endless opportunities.

Cyber Crime Continues to Evolve

It’s estimated that worldwide spending on cybersecurity will reach $133 billion by 2022 as more and more companies have learned the hard way about the necessity of cybersecurity and have set an example for others.

According to Ginni Rometty, IBM’s CEO, “Cybercrime is the greatest threat to every company in the world.” Cybercrime comes in many different forms. Hackers aren’t just gaining access to databases and selling off consumer’s personal information on the dark web.

They are kidnapping systems, holding data hostage and extorting money.

The culprit? Ransomware. A malware that infects computers and restricts their access to files, often threatening permanent data destruction unless a ransom is paid – and it’s the fastest growing cybercrime.

In July, Garmin was hacked and their systems held for $10M in ransom. For a week Garmin services were down. Emails bounced and phone calls couldn’t connect from concerned customers seeking answers. It’s been a PR nightmare.

Garmin, whose fitness trackers are in the top 10 of fitness trackers, is more than fitness trackers, their GPS services are utilized by the aviation industry. The flyGarmin and Garmin Pilot app both suffered days-long outages, hindering some Garmin hardware used in planes, including flight-planning mechanisms and the ability to update mandatory FAA aeronautical databases.

Garmin’s services were restored last week after paying an undisclosed amount in ransom to the hackers. This attack continues to expose the real threat ransomware poses to disrupt the services utilized by millions and the potential that while holding your system ransom your personal data could be compromised.

Data is Profitable

1 in 5 Americans wear a fitness tracker. It’s become a symbol, an icon if you will of tech-savvy health-minded consumers. If you spot someone wearing a fitness tracker you know they are concerned about their health. They probably share the same fitness goal of 10,000 daily step goal that became popular a few years ago. Fitness trackers are motivated.

I wear my fitness tracker every day. I’m upset when I forget to charge it.  I track my steps and my heart rate. My tracker lets me know if I stood each hour which helps when you sit for most of the day. It’s reminds me to breathe. Well, okay the breathing reminder is a little bit much, but you get the point.

And while you may not be tracking where you go each day and how long you are there, the fitness tracker you are wearing does it behind the scenes. You have zero privacy and you agree to that when you sign up – whether you realize it or not.

My point is our fitness tracker knows a lot about us. Information that would be valuable to hackers. To create a Garmin account you enter your name, email address, etc. To use the health portion, you are entering your date of birth, height, and weight. All of this is personally identifiable information that is valuable to sell on the dark web.

Small Business is a Big Target

It’s big news when Garmin, Target, Yahoo, Google and Equifax is hacked. The media has captured your attention and it’s all you will hear about for days. We don’t hear about the 58% of small businesses who suffer cyber-attacks annually.

It’s the small businesses of America that suffer; 60 percent of small businesses in the United States go out of business within six months of a cyber-attack because they don’t have the proper protections in place. The majority of small businesses will cease to exist after a cyber attack. That’s 6 out of 10, for all of you who are as bad at math as I am!

As with most theft, it goes back to the path of least resistance and small businesses simply do not have the same resources available to protect themselves. Larger companies, like those mentioned in this article, have the resources to employ full-time IT departments dedicated to preventing cyber-attacks and they still get hacked.

So, if you think no one is interested in hacking into your system — think again.

Risk Transfer, Security and Planning are Key

Now let me tell you how to protect yourself before this happens to you.

1. Purchase the right insurance coverage to assist with the costs associated with a cyber-attack. OIA has a robust insurance product that is available to our members as well you can sell to your commercial clients. For more information reach out to Ashley Riley at ashleyr@ohioinsuranceagents.com.
2. Understand the types of critical data you have at your agency. Where is this data stored? Is it backed up and how often? Who has access to it? Is it encrypted?
3. Have a plan in place. A cyber breach disaster plan. You also need to train your employees and implement protocols for internet usage, email and other systems. Get everyone on board in your agency, just as you would with E&O loss-control measures. As an OIA member, you have access to Agents Council on Technology, ACT, and their cyber guide 3.0 to guide you with creating a plan: https://www.independentagent.com/act/pages/planning/cyberguide3/default.aspx
4. Have your website tested by a third party. For obvious reasons, it should not be the same company that built or maintains your website.

Be sure in your planning process you are now including remote work as COVID has necessitated this for many businesses. There are unique challenges that remote work presents. You can access a prior webinar to hear more about cyber security, remote work considerations and resources for planning here: Cyber Risk Management: COVID and Beyond.

Take the time to work on your business today and prepare yourself. Insurance agencies collect a lot of personal identifiable information, which is a gold mine for cyber thieves. Let OIA help you prepare. Reach out for more information or questions.