Ebola is a terrifying disease. The percentage of deaths is alarmingly high for those infected and especially for those who do not receive immediate treatment. It is also not a new disease, as the first known outbreaks of the virus occurred in 1976 in proximity to the Ebola River in the Democratic Republic of Congo. The disease is spread by means of body fluids, and as disease transmission goes, this is not nearly as efficient or contagious as an airborne virus such as the common cold or the flu. That said, in close quarters and areas of poverty with marginal sanitation, the disease can spread quickly.
While not as physically dangerous as Ebola, a rapidly expanding disease in the banking sector affecting businesses large and small is cyber crime. There have been monumental data breaches at some very large companies, but smaller businesses have often taken the approach that, like a disease on a distant continent, this danger is primarily the problem of larger organizations. While they are concerned, everyday procedures are unlikely to be as robust at smaller companies.
The Hartford Insurance Group did a report on cyber risk for smaller businesses (those with fewer than 250 employees). Since businesses of this size are likely to be an important part of your bank's customer base, we share it here. Simple mistakes like clicking on a link in a spoofed email can compromise company data and open the door for the ill-intentioned. Incidents can also arise from malicious insiders, lost or stolen laptops or tablets, or employee error. Once a system is infiltrated, the result can include emptied corporate bank accounts, the theft of customer data, or malicious communication sent out under the name of the invaded business.
While most businesses believe they are aware of the obvious issues, the Hartford study found surprising nonchalance regarding cyber risk from businesses with fewer than 100 employees. A full 27% of these businesses didn't believe that a data breach represented a risk to them and 31% felt such a breach would not materially impact their business, even if one were to occur.
Meanwhile, another report by Symantec found that small businesses accounted for more than 50% of the targeted cyber attacks in 2013, an 11% increase from the year before. Even more sobering was a Verizon Data Breach Investigation Report which showed that 85% of victims of opportunity cyber crimes were small businesses. Targeted crimes often point toward larger organizations where the reward is the greatest, but clearly opportunity crimes (those crimes that are the result of a casual search for weakness) are a very real threat for smaller businesses.
For its part, Target's data breach came as a result of a smaller corporate partner that had less secure defenses. Data security is only as secure as the weakest link in a chain, and as Target found out, a less secure provider of services adds significant risk.
Risk management is difficult as it is an ongoing challenge that changes over time. In like fashion, consider that each time there has been an outbreak of Ebola in the past, the disease has subsided on its own for no known reason. For bankers managing risk, we can only wish the cyber security pandemic would react in the same manner, but unfortunately this malady is unlikely to subside on its own. Take steps to prepare your bank by educating your staff and developing and testing a cyber security program that includes your outsourced providers. Consider what your bank would do if a provider were implicated in cyber crime through accident or malfeasance. The dangers to your bank are significant and already present.