Cyber threats have changed and attacks are not just levied against large corporations like Target, TJ Maxx, Sony, or government infrastructure like the Colonial Pipeline. There is a level of prestige in successfully hacking an enterprise level company or government infrastructure; however, the monetization and economics have been reduced. Black market prices for novel credit card numbers is a fraction of what it used to be.
Cyber crime has shifted to high volume, high probability of success, but smaller rewards. Latest data from Accenture shows 43% of attacks are aimed at small businesses with more than 50% of small businesses suffering a breach within the last 12 months. This is an annual increase of 424%, with ransomware being the most common attack. The average ransom is over $70,000. While this number seems low, this represents over 2x the average annual income in the home countries where many hacker’s reside.
The damage to small businesses is staggering. Nearly 60% of hacked companies close their businesses within 6-months. This shows the financial and reputational damage a company may sustain if not adequately prepared. Companies do not question the purchase of General Liability Insurance, Worker’s Compensation, or Fire Insurance but they do not purchase Cyber Insurance even though it has a greater probability of an insurable event than all other policies combined.