Convinced a cyberattack is looming, many employers still don't prepare

Many companies think experiencing a cyberattack is inevitable, but a majority aren't taking adequate steps to protect themselves.

That's the main finding of a new report from insurance firm The Travelers Companies, which found that more than half (52%) of respondents think suffering an attack is inevitable. The firm commissioned Hart Research to conduct a national online survey of 1,201 business decision makers in June 2018.

Despite this, 55% of employers haven't completed a cyber risk assessment for their businesses; 62% haven't developed a business continuity plan; 63% haven’t completed a cyber risk assessment on vendors who have access to their data; and 50% do not purchase cyber insurance.

Employees read a ransomware demand for the payment of $300 worth of bitcoin on company computers infected by the 'Petya' software virus inside a retail store in Kiev, Ukraine, on Wednesday, June 28, 2017. The cyberattack similar to WannaCry began in Ukraine Tuesday, infecting computer networks and demanding $300 in cryptocurrency to unlock their systems before spreading to different parts of the world. Photographer: Vincent Mundy/Bloomberg

“Cyber risks carry serious consequences for any business, threatening everything from revenue to operations,” says Tim Francis, enterprise cyber lead at Travelers. “These findings reveal some surprising things about how companies view their cyber exposures, their relative confidence in dealing with them and the clear opportunity that exists for them to be better prepared for a cyberattack.”

The number of attacks on company computer systems is on the rise: The average number of security breaches per year increased by 27.4% in 2017, according to Accenture.

Human resource departments can — and need to — play a key role in preventing company cyberattacks, experts recently told EBN. Educating employees about cybersecurity is a big part of that.


For example, Kristie Evans, president of HR consulting firm HRPMO, says HR leaders should regularly remind employees to change their passwords to reduce cyberattack risk. A solid employee training program about preventing a cyberattack should also be in place.

HR executives “need to not only pay attention to what is being said to an employee during orientation, they need to have some type of interaction with employees on a regular basis,” Evans says.

With additional reporting from Caroline Hroncich.
