The average cost of a data breach has risen to a record high, according to a new study by the independent research firm Ponemon Institute. The study found that the global average cost grew from $4.24 million per incident in 2021 to $4.35 million in 2022, an increase of roughly 2.6%. Moreover, the international average price has increased by 12.7% compared to the 2020 average of $3.86 million.

These trends are alarming. What’s your organization doing to fortify its defenses against cyber attacks?

Best Practices

Cyber data — including financial records, sensitive customer information, and employee files stored on the cloud or the company’s technology devices and networks — is one of many organizations’ most valuable assets. Each year, management should evaluate what’s being done to protect these intangibles, where vulnerabilities exist, and how to make the assets more secure. Here are some cybersecurity best practices to consider.

Vet your vendors. Hacks are often perpetrated through the victim’s small or midsize vendors. That’s because smaller companies often lack the resources to put strong security measures in place — and hackers are ready, willing, and able to take advantage.

Some companies limit outside access to their computer networks, refusing supplier and customer requests to share data. Others require vendors to verify their network security protocols. Some companies are establishing cybersecurity ratings — similar to credit scores — based on the amount of traffic to a company’s website from servers linked to cybercrime. As those ratings become more refined, managers may avoid doing business with high-risk customers and suppliers.

Limit access. Companies often have more devices connected to the internet than management realizes. Moreover, when employees take instruments out of the office or work from home, they expose data to less-than-secure home networks and public hotspots that provide wireless internet access.

Evaluate which devices need to be connected to the internet and take steps to minimize off-site risks. Consider limiting which employees can work from home, educating employees about the dangers of cyber breaches, and installing encryption software on devices that link to external networks. Encryption may create compatibility issues when sharing data with other companies and slow down data transmission. But it can be a powerful and cost-effective tool in the battle against cybercrime.

Adopt a continuous-improvement mindset. Protecting against cyber threats is an ongoing challenge, not a one-time event. Every time software, hardware, or application manufacturer releases an update or patch, install it immediately on every device systematically. Why? Hackers constantly troll for the latest patches and updates because they show where vulnerabilities exist. If hackers are elegant, they can exploit these vulnerabilities to steal data before customers can install the fix.

Another helpful prevention strategy is requiring periodic changes to log-in passwords. Hacked passwords can cause a domino effect because people tend to use the same password for multiple accounts. Some companies also use a security question or require users to authenticate their identity using a smartphone as another layer of verification.

Cover your assets. Another popular security measure is cyber liability insurance. Cyber liability insurance can cover various risks, depending on the scope of the policy. It typically protects against liability or losses from unauthorized access to your company’s electronic data and software. Professional and general business liability insurance policies generally don’t cover losses related to a hacking incident.

Instead of purchasing a standalone cyber liability policy, you might be able to add a cyber liability endorsement to your errors and omissions policy. Not surprisingly, the coverage through the approval isn’t as extensive as the coverage in a standalone policy.

Seek outside help. Consider seeking external resources to reinforce your current information technology (IT) policies and procedures. Cybersecurity is an essential task that few organizations can handle exclusively in-house. For example, a growing number of small and midsize companies use outside computer security companies to evaluate vulnerabilities in their networks and test how well in-house IT professionals are securing their networks.

For More Information

Risk assessment is also an essential part of year-end audit procedures. Accountants are familiar with ways to identify and reduce cyberrisks. Failure to protect valuable intangibles against the risk of cyber attacks can turn these valuable assets into costly liabilities.