2017 was another bad year for cybersecurity. The cost of ransomware topped $5 billion and is expected to rise to $11.9 billion annually by 2019. Just two years after that the total cost of cyber crime is projected to top $6 trillion. It's not surprising that between 2017 and 2019 spending on cybersecurity is expected to reach $1 trillion annually.
The number one lesson to take away from 2017 is that cyber crime is an immediate threat to every business on earth. However, looking at some of the top breaches, hacks, and leaks throughout 2017 reveals how broad and complex that threat really is:
When a backup drive that was not password protected fell into the wrong hands bad actors had easy access to sensitive government records. These revealed that TSA officials at a New York airport routinely failed to check passenger's names against the no-fly list. One lost hard drive led to a national security scandal.
Verizon Security Lapse
One of Verizon's third-party suppliers was found to be operating an unprotected server. When hackers found this same server they were able to steal personal information from 14 million Verizon subscribers. Cybersecurity issues at much smaller third-party firms can have real consequences for the companies that partner with them.
For the fifth consecutive year the NSA was hit by a data breach. A disk with over 100 gigabytes of sensitive data fell into the wrong hands. In the process a domestic surveillance program was revealed. Even an entity as invested in security and secrecy as the NSA has persistent problems with cybersecurity.
The credit monitoring company was responsible for one of the largest data breaches in history when personal records for 143 million users fell into the wrong hands. Equifax made the damage worse through a bungled PR campaign. Recovering from a cyber incident requires both technical solutions and a carefully coordinated response effort.
Problems discovered in the servers of this networking company caused sensitive customer information to be leaked out for months. The scale of the leak is alarming, but what's really troubling is how long it went unnoticed. Even once an attack is in progress it may fly under the radar until it multiplies the damage.
One of the largest ransomware attacks in history happened in 2017 when WannaCry compromised millions of computes across more than 100 countries. Again, the scope was shocking, but the fact that hackers targeted organizations like hospitals and put actual lives at risk highlights how dangerous ransomware has become.
The ride sharing company did further damage to its reputation after it exposed the private information of 57 million users. Later it was revealed that the breach was covered up for months. Uber is an example of how a poorly timed data breach can take existing problems and make them drastically worse.
Thousands of companies in the hospitality industry rely on Sabre's reservation software. So when the company was hacked all of their partner companies were affected as well. The lesson is that a breach in one location can quickly spread in dozens of directions.
US Air Force Leak
An unsecured backup drive with sensitive information related to several high-level Air Force officials leaked in 2017. Once again, institutions with ample policies and protections in place are revealed to be highly vulnerable to cyber incidents both accidental and intentional.
After hackers gained access to the email server of this tax and auditing giant they had unrestricted access to extremely sensitive information. As with many of the other breaches on this list, hackers used relatively simple tactics to bypass cybersecurity and gain access to highly confidential information.
This list is far from complete, but it is representative. In 2017, as with 2016 and basically every year previously, hackers got the best of the world's biggest companies and best intelligence agencies. They gained access to information, systems, and controls that all have grave consequences in the wrong hands. Plus, hackers managed to bypass some of the most sophisticated cybersecurity currently in place.
What this means for companies no matter how big they are or what industry they operate in is that a cyber incident is almost inevitable. When it strikes there is likely to be inadequate protection in place. And, afterwards, companies face a barrage of lawsuits, fines, fees, added costs, and lost market share.
An attack may be inevitable, but it doesn't have to be an existential threat. Companies cover losses related to cyber incidents by relying on cyber insurance policies. These policies do not deflect threats and they may not cover all losses. But they do provide the insulation companies need to survive a cyber incident and thrive afterwards.
Explore this site to learn all you need to know about finding, selecting, and utilizing cyber insurance.