The nation is woefully unprepared for a major cyber attack, according to a new report released by the Federal Emergency Management Agency (FEMA). Among 31 core capabilities identified as key for disaster responsiveness, cyber security came in dead last, with a capability level of only 42%.
Cyber attack ranked more serious threat than nuclear explosion
FEMA’s first annual National Preparedness Report also detailed other disturbing findings. For example, when the individual state agencies were asked what would cause the most stress to their emergency response systems, they ranked cyber attacks as the first among human-caused events, ahead of even a nuclear bomb detonation.
The potential magnitude of a coordinated cyber offensive on government and business is significant. But the frequency of cyber attacks is also cause for concern: US Computer Emergency Readiness Team statistics show that from FY 2006 to FY 2010, cyber incidents increased 650 percent, and that nearly two-thirds of US firms have fallen prey to some form of cyber crime. The report notes that these numbers might actually be low, because management often fails to report cyber incidents to law enforcement or other government agencies.
Little action being taken against cyber threat
Perhaps most surprising is that while awareness of the cyber threat is widespread, little is being done about it. In fact, the Department of Homeland Security’s 2011 National Cybersecurity Review, which found that among 162 state and local entities, only a little over half had implemented a formal cyber risk management program.
The private sector is in a similar position: Only 2 of out 10 small and medium-sized businesses have an insurance policy that protects against loss due to cyber crime.
Some tools can slow down cyber attacks
There are some ways government agencies and businesses can fight back, though. For instance, the US Postal Service (USPS), has partnered with the National Cyber Forensics and Training Alliance, to investigate ways to limit cyber attacks. The two organizations use software that can identify emerging digital threats, and have also reverse-engineered code used in cyber attacks on the USPS, leading law enforcement officials to the source of the crime.
Internet insurance can protect private-sector firms
Most private firms have limited digital resources, though, and are easier for cyber criminals to breach. Thus, cyber liability insurance is vitally important. The assaults on businesses come from a variety of sources, including denial of service attacks, malicious viruses that infect the company network and exploit security holes to access private information, and bogus emails seeking confidential data from an unsuspecting employee (a technique known as “spear phishing”).
A single cyber event cost a company hundreds of thousands of dollars – from legally mandated notification expenses to client lawsuits to loss of revenue due to business interruption. But all these cyber risks, and many others, can be insured against with a properly designed, comprehensive Internet insurance policy.