As business leaders we strive to create value. Risk management is at the heart of our ability to succeed. In a competitive, non-monopolistic market, if we sell one product to one customer, this could be called a high-risk scenario. A startup business with zero revenue is riskier than a $500M revenue business that has been in business for over a hundred years. An unskilled workforce is riskier than a highly skilled workforce. A reactive culture is riskier than an intentional culture. The list could go on and on. Yet, the point is that as business leaders we are continually making risk versus reward decisions.
Let’s take a look at cyber security risk management. Cybercrimes continue to increase in frequency and impact. 42% of small businesses reported a cyber-attack in 2021 with estimated U.S. damages of $6T. The impact of cybercrime to a small business is much more impactful than a larger enterprise. Cyber insurance is one form of risk management, yet the cyber insurance premium rates are up 174% per million for 2022. While hardware and technology systems are an important factor in discouraging attacks, the majority of successful cyber-attacks are a result of the human element. Simply put, opening a link in an email and sharing information with a cybercriminal leads to much higher financial consequences to a smaller enterprise.
Step 1. Technology hardware and systems must be updated and at the highest level possible for the organization. Work with your finance and IT experts to assess.
Tip 1: Ensure all systems require two-factor authentication.
Step 2. Create meaningful cybersecurity policies and procedures. Work with IT and HR to assess.
Tip 2: Run quarterly dark web scans.
Step 3. Every business must have some form of cyber insurance coverage based upon their risks. Work with your finance experts and insurance agent to assess.
Tip 3: Require agents run quotes through multiple carriers that focus on cyber insurance.
Step 4. An effective cyber security awareness training should be implemented. The training should be consistent, ongoing, and unpredictable with leaders and employees having a visual measure of impact. Work with your HR leaders to assess.
Tip 4: Create an employee leaderboard and bring gamification into the process.
In this scenario, cyber security risk management involves multiple internal and external expertise while engaging the entire organization. In the end, insurance as protection from financial loss is necessary, however there are additional hedges that leaders can consider.
At RiseWell, we bring a comprehensive consultative approach to helping business leaders manage risk. Contact us to learn more about our cyber, wellness, and safety solutions coupled with group health, workers compensation and cyber insurance to optimize your value creation.
Kirk McMillan is an experienced business leader having built multiple businesses, including a $60M distribution company with 75 employees. His passion is helping small business leaders manage risk in innovative ways.