Cybersecurity Risks: Protecting Your Data from Cyberattacks

The COVID-19 pandemic has greatly accelerated the use of technology at work, and the risk of cyberattacks has grown exponentially. Katharine Hall, senior VP, cyber practice leader with Aon, and Hugh Wright, partner with McInnes Cooper, discussed the risks and how to mitigate them at our recent virtual conference, Today’s Legal and Legislative Landscape Across Canada.

When a huge portion of the population suddenly started working remotely, the lines between work and home life became blurred. People got used to being online and clicking all the time—whether it was answering work emails or buying groceries, Hall explained. “What it really did was create an environment in which the threat actors, who were looking at cybersecurity, had all kinds of opportunity.”

Many employers weren’t prepared for that shift. According to Aon’s 2021 Cyber Security Risk report, less than half (40%) of organizations say they have adequate remote work strategies to manage the risks, and just 17% feel they have adequate security measures in place to match the pace of their digital evolution.

Cybersecurity Risks: Protecting Your Data from Cyberattacks

The Business of Ransomware

From a risk standpoint, “what’s moved to the head of the class is ransomware, and you see it everywhere,” said Hall. Data from the Coveware Ransomware Market Report shows there was a 336% increase in ransomware claims in Q4 2020 versus Q1 2019 and a 148% spike in ransomware attacks tied to COVID-19, costing businesses an estimated $20 billion USD.

Ransomware attacks are becoming increasingly more organized, targeted and expensive. The average ransom payment is now 10% to 20% of an organization’s revenue in the previous year, she noted. And it’s become a big business: some large ransomware organizations even have customer service lines allowing you to rate your negotiator when the ransomware attack is over, Hall added.

Managing the Risks of Cyberattacks

Fraud Prevention Institute for Employee Benefit Plans

When it comes to data breaches, it’s really a question of when, not if, said Wright, noting that about eight in ten organizations faced at least one cyberattack in 2019-2020. In fact, more data records were stolen in 2020 than in the previous 15 years combined, he added.

What actions can employers and plan sponsors take to manage the risks? Wright explained there are three main approaches:

  1. Risk reduction through cyber-resiliency—including data breach prevention and response;
  2. Risk transfer through purchasing cyber insurance; and
  3. Risk allocation through service provider contracts—including language on how your providers collect and use personal information, compliance with applicable laws (e.g., privacy laws), incident reporting, and liability limits and indemnities.

The reality is, your organization may be exposed to risks without even knowing it. “Ultimately, you’re really only as secure as your service providers, and your service providers are really only as secure as their service providers,” Wright noted. “So you really do need to focus on your supply chain.”

Key Steps to Improve Your Cybersecurity

Hall advised employers and plan sponsors to take the time to clearly understand their cyber exposure, know what cyber insurance coverage they have (if any), and ensure staff are appropriately trained on cyberattacks and what to look for. Wright added that knowing what your vendors are doing—or not doing—to mitigate cybersecurity risks is vital. “If you don’t understand it, they didn’t explain it.”

And it can’t be a one-off: managing cyber risk needs to be an ongoing process. “Because the environment is continuously changing, your response to that has to be continuously changing,” Hall concluded.

[Related Reading: Five Strategies to Help Thwart Ransomware Attacks on Your Plans and Trusts]


Alyssa Hodder
Director, Education and Outreach – Canada

The latest from Word on Benefits:

Fraud Prevention Institute for Employee Benefit Plans

Alyssa Hodder

Recommended Posts

The Growing Importance of Cross-Cultural Competence

Eli Argueta
 

In the ever-expanding global marketplace, organizations are increasingly embracing the importance of understanding and respecting diverse cultures. Nowhere is this more crucial than in the realm of global benefits, where effective communication and collaboration across cultural boundaries can make all the difference. […]

Measuring and Addressing Burnout and Stress in the Workplace

Anne Patterson
 

According to the International Foundation’s Mental Health and Substance Use Disorder Benefits Survey Report, 96% of the workforce is stressed—either somewhat or very. With mostly every worker facing stress at some level, it’s important for plan sponsors/employers to know how to identify […]

Student Loan Repayment and Financial Wellness Benefits: What’s New?

Anne Newhouse
 

Student loan repayment has been more top-of-mind in recent weeks with President Biden’s announcement on February 21, 2024. The Department of Education emailed 153,000 borrowers that student loans were being discharged for those enrolled in the Saving on a Valuable Education (SAVE) […]

Paid Family and Medical Leave Legislative Developments

Jenny Gartman, CEBS
 

Proposals for paid family and medical leave at the federal level historically haven’t had enough support to become law. Many states have added paid leave mandates since 2017, creating a challenge for multistate employers seeking to deliver consistent benefits to their entire […]