Is Proactive Cybersecurity Worth the Cost for Small and Midsized Businesses?

Given the uncertainty of proactive measures, businesses may be tempted to incur reactive costs if a data breach occurs. Brian Gillam, COO of Cozen O’Connor’s ancillary business units and advisory board member to COSECURE, the firm’s security consulting business, writes for Today's General Counsel on why that's a bad call.

August 31, 2023 — by Brian Gillam, Chief Operating Officer, Ancillary Business Units, Cozen O'Connor

When it comes to cybersecurity, the most important choice business leaders face is determining which risks to address proactively, with assessments, workforce training, policy preparation, and insurance, versus which risks to address reactively, in the form of breach remediation.

Recently, our security business got a call from a mid-sized company that lost $150,000 to a classic business email compromise. The hacker sent a phishing message to an AP clerk, who then gave up his login credentials. The hacker accessed the clerk’s emails and his OneDrive account. Combing through the data, the hacker identified a legitimate vendor receiving monthly payments of $50,000, and then posed as the vendor requesting payment. The company didn’t realize what was happening until three months later.

Could the attack have been avoided? Easily. But, the company reasoned that cyber prevention was just too expensive and they were small enough to escape the attention of hackers. 

Read more on Today's General Counsel.


COSECURE, an ancillary business of Cozen O'Connor, has been on the leading edge of security and risk management for over 20 years and is actively protecting global Fortune 100 companies, law and technology firms, and high net worth individuals.

© 2024 COSECURE Terms & Conditions Privacy Policy