Most businesses have security defenses in place, but are they enough?

Phishing is the most common cyberscare businesses have gone though, a new poll indicates.
Phishing is the most common cyberscare businesses have gone though, a new poll indicates.

Cyberattacks take on all shapes and sizes, seemingly happening on a daily basis, as news headlines depict the latest data theft victim. So it may come as no surprise that the vast majority of large businesses in the U.S. are shoring up their security defenses, a newly released survey suggests. However, there's some question as to whether they're paying off.

In a poll of 300 businesses whose employee base totaled at least 500, approximately 90 percent indicated they have a cybersecurity policy in effect, according to Clutch, a rating and reviews firm based in Washington, D.C.

"Almost 60% of businesses have encountered phishing scams."

Phishing most common attack businesses experience
As previously referenced, hackers use a variety of strategies to steal sensitive data, including phishing, malware, denial of service attacks (DDoS) or exploiting software that hasn't been updated with security patches. Phishing attacks are among the most common, experienced by 57 percent of businesses that participated in the survey. As the title suggests, phishing involves hackers attempting to trick people or businesses into leaking their private data, usually through emails that look official and trustworthy. Phishing can also be carried out via telephone or text message.

Meanwhile, 47 percent of companies in the Clutch poll said they'd been hit with malware in the previous year. Malware is typically embedded into software that, once downloaded, can infect a computer's performance capabilities, sometimes spreading to other machines within a network.

Brad Huse, sales director at PayneWest Insurance, stresses how important it is to be cyberaware, but companies must implement a proactive strategy to stay safe.

"Cybersecurity is an important component in managing cyber exposures, but unfortunately, having a robust cybersecurity plan is not enough," Huse advised. "If a breach occurs, businesses need a comprehensive cyber policy to respond to the loss."

Large companies aren't the only ones that are in hackers' crosshairs. The same can be said for small and mid-sized businesses. Last year, more than 70 percent of SMBs were hit with a malware-related attack, according to a poll done by Osterman Research. Additionally, 43 percent acknowledged being adversely affected by a phishing scam.

Michael Osterman, principal analyst, warned that companies with fewer employees all too often operate under the assumption that they're too small to be impacted. This survey suggests otherwise. 

"With 71 percent of IT managers at small and medium-sized businesses reporting recent data breaches and less than half of them expressing confidence in their ability to protect against advanced threats, it's not surprising to see SMBs increased their IT security spending 23 percent over the last year," Osterman explained.

Defenses often insufficient
Cybersecurity experts warn that it's not enough to simply have a defense mechanism in place; businesses also need to put its effectiveness to the test. This is something that a majority of companies neglect to do – not just in the U.S., but around the world. In a poll of 400 business and security professionals, nearly 60 percent said their company was deserving of a failing or barely passing grade when it comes to establishing the reliability of their cybersecurity systems, according to IT security provider Thycotic. 

Joseph Carson, chief security scientist for the account management solutions firm that conducted the study, said the findings are revealing.

"It's really astonishing to have the results come in and see just how many people are failing at measuring the effectiveness of their cybersecurity and performance against best practices," Carson explained.

All told, entities spend an estimated $100 billion per year on cybersecurity programs, according to Thycotic's calculations.

In addition to having an internet and data protection system in place, it's also important to have the proper coverage when defenses fail. PayneWest Insurance specializes in cyber insurance and can deliver highly effective results to reduce exposures to risk. This is possible through exposure mitigation. What's more, our custom-crafted coverage is designed to fit companies of all sizes in a variety of industries.

"A combination of implementing and maintaining a cyber risk management plan with a cyber policy are a necessity for today's business owners and leaders," Huse said.