Risk Management articles

Traditionally, cybersecurity fell under the jurisdiction of IT, tech, or product teams and was overseen by the CISO. While these teams are still the primary players in cybersecurity decisions, the risk landscape is expanding, causing many companies to shift their thinking when it comes to cyber risk and cybersecurity. Because potential cyberattacks pose a larger risk to a business, the entire leadership team and the board (if it exists) should become key stakeholders over a business’ security efforts. The person […]

Remember the good old days when ransomware wasn’t so rampant across industries and all types of companies, large and small? Us too. Unfortunately, the way in which hackers are using ransomware has changed significantly in the last several years, leaving every company vulnerable. So, many companies have turned to cyber insurance to protect their bottom line in the case of an attack.  A recent SonicWall 2022 Cyber Threat Report claimed that governments around the world saw a 1,885% increase in […]

Any investment comes with an element of risk, and when you’re conducting due diligence on a potential startup or are working to mature a company in your portfolio, cybersecurity risk should be assessed and considered as early as possible. That’s because it can quickly spiral out of control and result in financial, reputational, continuity, legal, and compliance risk to the company and the investors In the past, cybersecurity might seem like something that could have been kicked down the line, […]

Many small and mid-sized enterprises (SMEs) choose not to invest in cybersecurity early on, and it’s understandable why, given its impact to the bottom line. Cybersecurity tools, software and services can be expensive, and it’s time consuming to determine which tools you need. You need to weed through more than 3,500 vendors offering solutions and the process of finding the right vendors and onboarding them can take years. Fast-moving startups and SMEs neither have the expertise, time or the money.  […]

7 costs of a data breach and how to minimize them It’s no secret that data breaches are occurring more frequently and they’re expensive. Just turn on the news and you’re sure to hear a story about the millions a major company lost thanks to a leak. Unfortunately, in too many cases, businesses experience a costly breach that could have been prevented. Something as simple as a misconfigured or insecure firewall or lack of two-factor authentication can cost a company […]

Given sufficient time, resources, and motivation, a cyber threat group can breach any organization. While prevention is important, companies should treat data breaches as inevitable and ensure that they are prepared to handle them and minimize their impact. According to the 2021 Cost of a Data Breach Report developed by Ponemon and IBM, the average cost of a data breach is $4.24 million. However, having an incident response (IR) plan in place is one of the best ways to drive […]

Cyberattacks have become a risk that all organizations need to address. As cybercrime has become more organized and professionalized, cyberattacks have also become more numerous, automated, and sophisticated. The reality is that any company can be the target of a cyberattack, and prevention is not enough to protect an organization. Even the most effective cyber solution will miss some attacks so organizations need to be prepared to address an attack at every stage of the kill chain (see diagram below). […]

We discuss what to consider before buying in. The cybersecurity market is complex, to say the least. The current market has over 3500 vendors with new ones being added daily. Coupled with the fact that the threat landscape keeps changing, it’s difficult for any security or risk leaders, especially those in SMEs, to know how to navigate this environment. Does a new threat or risk require a new tool, or does a current vendor have it covered? Vendors aren’t making […]

A majority of small and mid-sized enterprises (SME) have outstanding debt. It’s the cost of growing a business. But you might be surprised to know that your debt can extend far beyond the money owed to a lender. Many SMEs are also accumulating technical debt — the costs associated with reworking code, products, and solutions that have been improperly implemented to deliver a product more quickly. One of the more costly types of technical debt is cyber debt.  Cyber debt […]

The world is watching the terrible conflict currently happening in Ukraine. Russia has attacked the nation in more ways than one, including leveraging cyberattacks as part of the escalating discord. SolCyber, and the information security sector as a whole is on high alert and we recommend organizations know what the elevated risk is and what they can expect from the conflict. CISA, The U.S. Cybersecurity & Infrastructure Security Agency, has issued a “Shields Up” warning to all businesses as a […]

It’s no surprise that data breaches and cyberattacks are on the rise. The Identity Theft Resource Center issued a press release in October of 2021 saying that the number of data breaches that had occurred in 2021 through September had already surpassed the number of attacks in all of 2020 — a year in which small businesses saw a 424% increase in cyberattacks. What’s worse is that adversaries don’t discriminate and they’re using the same tactics against businesses big and small. […]

We spoke to Brian Stuckey, a cybersecurity and risk management expert, investor, and co-founder who provided helpful insight and expertise for this article. For many startup founders and cofounders, the process of raising money from investors and other VCs brings a few different challenges. Potential investors are looking for financially sound companies with a hyper growth potential, the right leaders, and a vision they can trust in. This puts a tremendous amount of pressure on company leaders to ensure their […]

Cyber debt can be incredibly detrimental to a young or growing company and it’s all too easy to accrue. Businesses often fail to set up the proper security measures early on because they are deemed too expensive or time consuming. As people, technology, and devices are added to a business’s ecosystem, they are protected on a one-off basis — or not at all — leaving gaps bad actors can exploit. And because these businesses lack a security strategy, they’re also […]

2021 was a tumultuous year for cybersecurity and, unfortunately, we saw the effects of successful cybersecurity attacks across major companies and industries. The trends we observed in 2020 largely continued in 2021. Ransomware attacks continued to increase and a few major hacks dominated news media around the world. The Colonial Pipeline attack showed how devastating these ransomware attacks could be, and the immediate impact to supply chains and municipal infrastructures. The aftermath of 2020’s SolarWinds hack was also at the […]