By James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR
Undoubtedly the last two years have been incredibly challenging for businesses, as many companies grappled with the health and safety of employees, massive revenue loss, threats of closure and the great resignation. To make matters worse, as businesses set their sights on recovery, cybercriminals focused on taking advantage of any vulnerabilities available.
According to the FBI’s Internet Crime Report, the Internet Crime Complaint Center (IC3) saw a 69% increase in total complaints from 2019 to 2020. Business E-mail compromise, phishing and ransomware all are on the rise.
Yet, despite an uptick in cyberattacks since the pandemic began, global corporate payments provider FLEETCOR surveyed business owners and learned 91% say they have not fallen victim to a cyberattack in the last 12 months.
According to FLEETCOR’s 2021 Insights on Business Cybersecurity Study, for small companies with 20 or fewer employees, the number dips even lower with just 7% of survey respondents saying they fell victim to a cyberattack during the same timeframe. For businesses with 21-50 employees, that number doubles to 14%.
Survey results show businesses are becoming increasingly aware and diligent in their security practices, especially as the pandemic reshapes work environments, including increased cloud adoption and companies welcoming hybrid work scenarios. However, the threat of a cyberattack still looms.
Business disruption is the most prevalent concern
Nearly two-thirds (62%) of FLEETCOR survey respondents report concerns their business is at risk of becoming cyberattack prey, while 83% strongly agree cybersecurity breaches are damaging to business. Not surprisingly, when asked to select the most concerning cyberattack consequence, 65% of respondents chose loss of profitability and/or disruption to operations. And it’s no wonder since, in 2020, the average cost of a data breach was $3.86 million, according to the Cost of a Data Breach Report by Ponemon Institute.
Little spent on cybersecurity protection
Despite the high level of apprehension for being at risk of a cyberattack, few businesses surveyed by FLEETCOR put their money where their concern is. Fifty-seven percent of respondents said they allocate 5% or less of their annual IT budget to cybersecurity protection, while 25% allot 6%-10% of their IT budgets to this cause. Although they’d like to spend more on cybersecurity protection, lack of capital resources is the primary reason businesses don’t.
Digital payments here to stay
As many businesses at the onset of the pandemic temporarily closed physical locations, digital payments soared, and this shows no signs of slowing. More than half of American business owners (53%) surveyed said the global crisis increased their adoption with apps being the most executed method. It’s no wonder since they’re easy to use, safe and can be used around the clock.
And while secure digital practices should be table stakes for companies conducting business with other companies, most respondents – four out of 10 – don’t know about their vendors’ cybersecurity policies and practices. More than 20% rely on word of mouth and said they had no knowledge regarding this matter at all.
This practice of not knowing is risky. When vendors lack strong security controls, your company is exposed to a myriad of risks – financial operational, regulatory and reputational, to name a few.
Don’t risk it
Going into the new year, evaluate your company and vendor security practices and identify areas you might be falling short. Consult with your fellow business leaders and put a plan in place to mitigate risk. The last two years have proven life is unpredictable, but the more you understand your business risk realities, the better equipped you will be to handle security challenges.
About the Author
James Edgar, Senior Vice President and Chief Information Security Officer, FLEETCOR
James Edgar is currently SVP & CISO for FLEETCOR Technologies, a global leader in fuel, lodging, tolls and commercial payment solutions. He oversees the global Information Security and IT Compliance teams, which span four continents and multiple business lines. Before joining FLEETCOR, James was the VP of Security Architecture, Risk and Assurance for U.S. Bank’s payment processing division, Elavon. Prior to joining U.S. Bank, James led the Security Architecture and Risk team for Cox Communications, the 3rd largest cable operator in the nation. James has served on the Steering Committee for the Payment Processors Information Sharing Council (PP-ISC), participated in the NIST Cybersecurity Framework (CSF) development workshops and has been actively involved in the governance, risk and compliance (GRC) community in Atlanta.