Cybercriminals are caught just 0.05% of the time. Independent agencies must not merely expect law enforcement to fix the entire problem.
By Mike Foy
Cybercrime is profitable and low risk. The World Economic Forum reports, “Cybercrime is a growing business model, as the increasing sophistication of tools on the darknet makes malicious services more affordable and easily accessible for anyone that is willing to hire a cybercriminal.”
The forum reports that the likelihood of a cybercriminal being caught in the U.S. is estimated at 0.05%. U.S. regulators, corporations and policymakers are struggling to improve that rate.
But this low rate proves that independent agencies must not merely wait for law enforcement to catch up.
Insurance firms are prime targets for cybercriminals. We have the customer data they want, from financial and personal to health information. Not only do we store structured data (names, dates, addresses, numbers, etc.), but we also store unstructured data (emails, incident reports, contracts, etc.), which is more difficult to protect. That’s because it can’t be compiled into a standardized format, and its creation, use and management are usually at the discretion of the employee, not the firm.
Smaller agencies may mistakenly think they fly under the cybercriminal’s radar. But no agency is immune to cyber risk, from global carrier to small independent agency. The Small Business Administration warns: “Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses.” Furthermore, a small firm is more likely to founder after a cyber breach because it has fewer resources for recovery.
