With the rapid pace of technological advancements and digital transformation, cybersecurity risks have become more complex and dangerous. As these threats evolve, it is crucial for insurers and businesses to stay informed about the challenges they face.
In this article, Insurance Business takes an in-depth look at the most significant cybersecurity threats impacting US businesses. We will analyze the data to understand the scope and financial implications of each threat.
This guide is designed for insurance professionals and business owners to enhance their understanding of cyber risks and their potential impact on operations. Additionally, they can find expert advice on protecting themselves from severe cyberattacks.
### The Top 10 Cybersecurity Threats US Businesses Should Be Aware Of
Cyber threats come in many forms, ranging from malicious software to social engineering scams. Cybercriminals are employing increasingly sophisticated tactics to breach computer systems. Based on the Federal Bureau of Investigation’s (FBI) latest internet crime report, here are the top cybersecurity threats facing US businesses, ranked by business losses.
1. Investment Fraud
- Total losses: $4.57 billion
- Number of complaints: 39,570
Investment scams lure victims with promises of high returns. These scams have consistently topped the FBI's list of cybersecurity threats based on financial losses. Last year, investment fraud led to $4.6 billion in losses, up from $3.3 billion in 2022. Most of the 39,570 complaints involved cryptocurrency, with losses climbing to nearly $4 billion in 2023 from $2.6 billion the previous year.
2. Social Engineering
- Total losses: $2.95 billion
- Number of complaints: 21,489
Social engineering exploits emotional and psychological manipulation to trick victims into revealing sensitive information. This cyberattack leverages motivators like money, love, fear, and status. The stolen data is then used for extortion or competitive advantage. Business email compromise (BEC) is a common form, where attackers impersonate trusted individuals. The FBI received nearly 21,500 BEC complaints in 2023, resulting in $2.9 billion in losses.
3. Data Breach
- Total losses: $534.38 million
- Number of complaints: 3,727
Data breaches occur when unauthorized access is gained to confidential information. Incidents have been rising, with complaints increasing from 1,290 in 2021 to almost 2,800 in 2022, and about 3,730 last year. Financial losses from data breaches totaled approximately $534.4 million in 2023, up from $459.3 million in 2022.
4. Government Impersonation
- Total losses: $394.05 million
- Number of complaints: 14,190
In these scams, cybercriminals pose as government officials to extort money. The FBI recorded 14,190 complaints of such scams in 2023, leading to over $394 million in losses, a 63% increase from $240.5 million in 2022.
5. Identity Theft
- Total losses: $126.2 million
- Number of complaints: 19,778
Identity theft is a major cybersecurity threat due to its difficulty to detect. Attackers steal credentials and impersonate users. The FBI reported almost 19,800 incidents of cyber-related identity theft last year, amounting to $126.2 million in losses, though this represents a 55% decline over two years.
6. Ransomware
- Total losses: $59.64 million
- Number of complaints: 2,825
Ransomware involves encrypting a victim’s data and demanding payment for decryption. These attacks are often initiated through phishing emails or exploiting system vulnerabilities. In 2023, ransomware caused more than $59.6 million in losses from 2,825 reported incidents, excluding other costs like lost time and restoration expenses.
7. Denial-of-Service (DOS) Attacks
- Total losses: $22.42 million
- Number of complaints: 540
DOS attacks flood a network with false requests, disrupting operations. Although they don’t typically result in data theft, they can be costly in terms of time and resources. The FBI received 540 DOS complaints last year, with losses reaching $22.4 million, up from $17.1 million the previous year.
8. Phishing & Spoofing
- Total losses: $18.73 million
- Number of complaints: 298,878
Phishing and spoofing trick users into providing sensitive information. Phishing employs deceptive emails, SMS, social media, and social engineering, while spoofing disguises communications to appear legitimate. The FBI received nearly 299,000 complaints in 2023, with losses totaling $18.7 million, down from $160 million in 2022.
9. Copyright Infringement
- Total losses: $7.56 million
- Number of complaints: 1,498
Copyright infringement involves the unauthorized use of intellectual property. There were about 1,500 reports last year, resulting in over $7.5 million in losses.
10. Malware
- Total losses: $1.21 million
- Number of complaints: 659
Malware includes any harmful software designed to steal data and disrupt operations. Common types are ransomware, adware, spyware, trojans, and worms. The FBI recorded 660 malware incidents last year, causing $1.2 million in losses, excluding ransomware.
### The Financial Impact of Major Cybersecurity Threats on US Businesses
According to the FBI’s internet crime report, cyber incidents resulted in approximately $12.5 billion in losses from nearly 692,000 reports. The top 10 cybersecurity threats alone accounted for over two-thirds of these losses, totaling $8.6 billion.
As the threat landscape continues to evolve, global cybercrime losses are projected to reach $10.5 trillion by 2025, underscoring the critical need for robust cybersecurity measures for businesses of all sizes.
### Strategies for Businesses to Safeguard Against Cybersecurity Threats
A common misconception is that only large corporations are vulnerable to cyber threats, leaving many small businesses unprepared. However, small and mid-sized enterprises can protect themselves without exhausting their resources. Here are practical suggestions from the US Small Business Administration (SBA):
1. Assess Your Cyber Risks
- Conduct a cybersecurity risk assessment to identify vulnerabilities and create an action plan, which includes user training, securing email platforms, and protecting business information.
2. Invest in Employee Training
- Educate employees on basic cybersecurity practices to prevent data breaches caused by human error, which is a common entry point for cyberattacks.
3. Keep Antivirus Software Updated
- Ensure systems are equipped with the latest antivirus and antispyware software, and keep these programs regularly updated.
4. Ensure Networks Are Secure
- Protect internet connections with firewalls and data encryption. Secure Wi-Fi networks by keeping them hidden and protected.
5. Use Strong Passwords
- Implement strong passwords with at least 10 characters, including uppercase and lowercase letters, numbers, and special characters.
6. Activate Multi-Factor Authentication (MFA)
- Use MFA to add an extra layer of security by requiring multiple proofs of identity to access accounts, such as a password and a code sent to a separate device.
7. Conduct Regular Data Backups
- Regularly back up data to ensure critical information can be recovered in the event of a cyberattack or technical issues.
8. Ensure Secure Payment Processing
- Collaborate with banks to use trusted anti-fraud tools and services. Isolate payment systems from less secure programs and use dedicated computers for payment processing.
9. Control Physical Access
- Restrict unauthorized individuals from accessing business computers and grant administrative privileges only to trusted IT staff and key personnel.
10. Get Cyber Insurance
- Cyber insurance can cover financial losses from cyber incidents and pay claims from those affected by an attack on the business.
For those seeking the best coverage, refer to our Best in Insurance Special Reports page, which lists providers offering top-tier service and support in the face of cybersecurity threats.
0 Comments