Yahoo, Marriott, eBay, Target — we have all heard of these large corporations that have been affected by cyber breaches over the last few years. The financial impact of these breaches can be calculated, but what about their reputational impact? Were you one of the thousands who stopped shopping at Target after their breach, in fear of your personal information getting leaked?

The issue is that, although we hear about the large corporations getting breached, the majority of the breaches are occurring in our own backyard. If you’re a small-to-mid-sized company, you are at a greater risk of a cyber breach compared to those large corporations. You may not hear about these breaches, but the financial strain they have on these companies are just as impactful.

I recently dealt with a matter where a company’s computer system was hacked and a ransom demand was made. The demand was 150 Bitcoins, which, at the time, had a value of $570,000. Not only did the company’s computer system contain private employee information, it also ran most of their equipment that was needed to keep the business going. Our customer was left with no choice but to negotiate and pay the ransom so they could get up and running again.

In addition to informing the FBI, a forensic consultant was notified as well as an attorney who specializes in cyber events to protect the company’s interests. Even after the ransom was paid, the company’s employees’ credit now has to be monitored for 12 months to ensure their personal information was not compromised. It’s easy to see the expenses and time a company puts into recovering from a cyberattack can be just as impactful as the ransom itself. If you’re a small company, these expenses are what could put the company under for good.

Although this was a significant cost for this particular company, the average for these events can be exponentially higher. In IBM’s “2018 Cost of a Data Breach” report, the study shows:

Studies also indicate that 60 percent of small companies without adequate insurance to cover cyberattacks fail within 6 months after the breach.

Whether you’re a large corporation or a small manufacturer, it’s not a question of if you will have a cyber breach, but it’s a matter of when. As a company continues to evolve and grow, your company’s risk must always be evaluated by your internal team. A few years ago, we weren’t talking about cyber risk being a major concern for companies, but in the age of doing everything electronically, the risk is at the forefront for a company’s exposure. Is your company prepared when it does?