Risk Managers Report Nearly 70 Percent of Businesses Hacked in Last Year

Almost seven out of 10 businesses experienced some kind of cyberattack last year, according to a survey of risk managers, who also reported that their companies could be doing more to reduce the risk of a data breach.

Last week, anonymous U.S. officials disclosed that the personal data of nearly 4 million current and former federal employees may have been compromised as a result of a cyberattack on the U.S. Office of Personnel Management in December.

According to reports, hackers gained access to federal employees’ Social Security numbers, job assignments, performance ratings, and training information.

The attack is the latest in a long line of large data breaches that have also affected the private sector.

Almost 70 percent of businesses experienced at least one hacking incident in the last year, according to a recent poll by technical risk insurer Hartford Steam Boiler Inspection and Insurance Company (HSB).

The survey of business risk managers, who were polled at the Risk and Insurance Management Society Conference in April and more than 60 percent of whom represented large organizations, also found that more than half of respondents don’t believe their companies are committing enough money or resources to deal with the latest hacking trends.

“Hackers have evolved, and so have their methods of attack,” Eric Cernak, cyber practice leader for Munich Re, parent company of HSB, said in a statement. “Businesses are on high alert, but they can do a lot better. Simply reacting to new threats is not enough. Businesses of all sizes need to anticipate hacking trends and deploy the resources necessary to protect their private or sensitive information.”

Survey respondents said cloud technology poses a notable risk of exposure. They identified loss of confidential information as the biggest threat, followed by service interruption and government intrusion.

To help combat cyber risks, more than 30 percent of risk managers said they were interested in implementing some kind of intrusion detection testing.  Meanwhile, 25 percent reported an interest in employee education programs, and another 25 percent reported an interest in encryption to deter cyberattacks.

For most businesses, including associations, it’s now a matter of when, not if, they will be hacked, said Dave Grulke, executive director of the Cabinet Makers Association, which experienced a cyberattack on its website this past January.

Fortunately for CMA, hackers didn’t gain access to sensitive member information, which is not stored on the association’s website. “The worst anybody could steal would be name, address, and telephone information that they could probably get anyplace else on the web,” Grulke told Associations Now.

After 60 long hours, CMA and its web host were able to get the site disinfected and back up and running, but not without learning a few lessons.

“The best I can advise my fellow association folks is to do everything you can to secure your website and stay up to date on whatever security issues or security programming you have in place,” Grulke said.


Katie Bascuas

By Katie Bascuas

Katie Bascuas is associate editor of Associations Now. MORE

Got an article tip for us? Contact us and let us know!