With network security top of mind, businesses are nearly two times more concerned with losing private data (47 percent ) than hackers disrupting their systems (26 percent), according to the 2016 Network Security and Data Privacy Study, by Wells Fargo Insurance. Misuse of technology among employees also emerged as a new, growing threat (seven percent), while network viruses and disruption of operations fell slightly to less than 10 percent from 2015.
The study also found that there is a growing need for companies to improve employee education and training on data security. Two in 10 companies do not have an employee awareness training program, while 15 percent don’t require any training for employees.
“It’s surprising that businesses are not more concerned with employee misuse of technology —what I like to call the human factor,” said Dena Cusick, national practice leader with Wells Fargo Insurance’s Technology, Privacy and Network Risk National Practice (PDF). “Cyber risk management is first and foremost about education. Informing and regularly training employees on security protocols and incident response plans is critical for businesses today.”
The study revealed the top eight network security and data privacy concerns among businesses this year:
|Loss of data – 47%||(45% in 2015)|
|Hackers – 26%||(25% in 2015)|
|Security breaches – 26%||(20% in 2015)|
|Maintaining reputation – 9%||(4% in 2015)|
|Viruses – 7%||(10% in 2015)|
|Software vulnerabilities – 7%||(7% in 2015)|
|Employee misuse of technology – 7%||(0% in 2015)|
|Other – 7%||(13% in 2015)|
In addition to network and data breaches, companies face another imminent threat— imposter fraud, a new twist on phishing scams where a fraudster gains access to the email account of a company’s senior executive and then requests that a payment be made to a specific bank account. One in five large companies surveyed has been a target, and the incidence is even higher for companies with more than 2,000 employees or $500 million or more in revenue. Of those victimized, many of the businesses suffered a financial loss, which was often more than $500k.
“Every organization, regardless of size, needs to make cybersecurity a priority within their business,” added Meredith Schnur, senior vice president of the professional risk practice at Wells Fargo Insurance. “I handle five-to-10 incidents each week from clients who are not well-known brands. No organization is immune.”