COSECURE
Is Proactive Cybersecurity Worth the Cost for Small and Midsized Businesses?
Given the uncertainty of proactive measures, businesses may be tempted to incur reactive costs if a data breach occurs. Brian Gillam, COO of Cozen O’Connor’s ancillary business units and advisory board member to COSECURE, the firm’s security consulting business, writes for Today's General Counsel on why that's a bad call.
— August 31, 2023 — by Brian Gillam, Chief Operating Officer, Ancillary Business Units, Cozen O'Connor
When it comes to cybersecurity, the most important choice business leaders face is determining which risks to address proactively, with assessments, workforce training, policy preparation, and insurance, versus which risks to address reactively, in the form of breach remediation.
Recently, our security business got a call from a mid-sized company that lost $150,000 to a classic business email compromise. The hacker sent a phishing message to an AP clerk, who then gave up his login credentials. The hacker accessed the clerk’s emails and his OneDrive account. Combing through the data, the hacker identified a legitimate vendor receiving monthly payments of $50,000, and then posed as the vendor requesting payment. The company didn’t realize what was happening until three months later.
Could the attack have been avoided? Easily. But, the company reasoned that cyber prevention was just too expensive and they were small enough to escape the attention of hackers.
Stay Updated