Cybersecurity risks have moved downstream and have become an existential threat to every small business. According to Statista, in April 2017 it was reported that approximately 14 million small businesses had been hacked in the preceding 12 months. But a few industries are more vulnerable to cyber attacks, and should consider a greater investment in their cybersecurity. These industries are at a greater risk because the value of the data they transact in is high, but their relative sophistication is low.
The industries most exposed to cyber risk should consider a greater investment in their cybersecurity prevention and controls, and should generally adopt the strictest standards for data protection and security available.
The most at-risk types of companies include:
Professional Services companies include (among others) lawyers, CPAs, consultants and marketing firms. In many cases, these companies deal in sensitive personal data or intellectual property, have valuable reputations to protect and often have relatively deep pockets, which makes them a good target. Take, for instance, a small CPA: they often have client tax records, Social Security numbers, birthdays and other records. They are often managed by an older and unsophisticated CPA who is more focused on his April 15th deadline than on securing his client data.
Financial Services firms include financial managers, securities brokers, benefits administrators, insurance and investment brokers, etc. They are very often high-transaction companies, transmitting significant amounts of sensitive data. They are often also sales-driven companies, which means they may have employees who are more focused on selling services than on best practices for securing data.
Financial Services is also one of the most regulated industries in the US, which turns up the volume on the penalties and optics for companies that suffer a breach. In fact, according to the Ponemon Institute, LLC, the average cost to manage cyber-crime in this sector is over 40% higher than the average for other sectors.
Government Supply Chain
The government and Department of Defense supply chain is enormous, and malicious actors have begun targeting the suppliers as an easy entry point for valuable data and secrets. In some cases, these have been reported as state-funded actors, while others are linked to terrorism and organized crime. Small companies in the government supply chain often have “grown up” in their role, maturing from a tiny to a small business focused on “the work” rather than on measures like cybersecurity.
As an example of the complexity, here is an image of the Cybersecurity-related Policies and Issuances developed by the DoD.
Readers of this blog may notice that healthcare and banking are absent from this list. While healthcare and banking are very high-risk, they are not vertical markets Upward currently focuses on.
If your organization has not invested in improving your cyber-posture, there is no time like the present. Reach out to Upward today for a free evaluation and review of your current cybersecurity posture.