Randy Sadler

Principal, CIC Services LLC

Cyber crime is now the world’s largest business running in the trillions of dollars. So far, the “bad guys” are winning. So business owners need to do more than hope and pray that their businesses won’t be next.

Cyber crime is now the world’s largest business running in the trillions of dollars. So far, the “bad guys” are winning.  So business owners need to do more than hope and pray that their businesses won’t be next.

Cyber attack is an emerging risk that also threatens countertop manufacturers and other businesses in the stone-cutting industry. A cyber attack can shut many businesses down…stone cold. How would your business be impacted if cyber thieves hacked your customer database, including credit card information?  How will your business fare if your web-site is shut down or a hacker encrypts all of your computer systems and files and demands a hefty ransom payment? Furthermore, if you own a larger shop, are you protected against a cyber attack which could take down your sensitive CNC equipment directly linked to an digital templating system?

When we share our Enterprise Risk Management (ERM) with a Captive Insurance Company (CIC) Strategy with countertop manufacturers, we stress business survival, and cyber attack is one of the critical risks we highlight. Captive Insurance Companies are ideal for addressing cyber attack because policies can be written with few exclusions, and the favorable tax treatment of small CICs enables stone-cutters to amass significant loss reserves to provide liquidity in the event of a breach. CIC insurance policies can be customized to address the cost of a cyber breach, business interruption (lost revenue) and damage to your reputation. 

And, this evolving risk is more and more ominous. The Denver Post recently reported that “60 Percent of Small Companies that Suffer a Cyber Attack Are Out of Business Within Six Months.”  On October 23, 2016, Gary Miller of GEM STRATEGY MANAGEMENT authored the article that points out the growing threat that mid-market and small businesses face.

In his article, Miller points out that:

The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.

One might think that cyber criminals only focus on large companies, like Target. Or perhaps North Korea will attack your business if you make a movie about their bumbling head of state. This simply isn’t the case. Miller makes it clear that:

Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cyber criminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; and, commit health insurance or Medicare fraud.

Miller provides a list of steps small and mid-market businesses should take to protect themselves. One of his recommendations is to purchase cyber insurance. We certainly agree. Many businesses should have cyber attack and its effects insured both commercially and via a captive insurance company, resulting in layered holistic coverage designed to ensure the company’s survival.

Other steps businesses can take are outlined below:

Remember, most cyber breaches happen because an employee does something that they aren’t supposed to do. Basic training can stop a majority of low-level threats. But, coaching your employees on data protection is not enough. Business owners must establish data security protocols, policies, practices and procedure that every employee takes seriously.

Create a business continuity and incident response plan. This will be put into effect immediately once you know your systems have been compromised.

Keep security software current.  Having the latest security software, web browser and operating systems are the best defenses against viruses, malware and other online threats.

When in doubt, delete it. Links in e-mails, tweets, posts and online advertising are often how cybercriminals try to steal information. Even if you know the source, if something looks suspicious, delete it.

Protect all devices that connect to the Internet.  Along with computers, smartphones, tablets, and other web-enabled devices need to be protected from viruses and malware.

Plug and scan.  USBs and other external devices can be infected by viruses and malware.  Use your security software to scan them.

Encrypt your most sensitive files.  Encrypting data is a process of converting data into a form, where it becomes unintelligible to any person without access to a key/password to decrypt the data.

Expand beyond IT. Don’t delegate cyber crime prevention solely to your IT department and tell them “get on with it.” Embed these practices across all areas of your business.

Miller concludes his article: 

Cyber crime is now the world’s largest business running in the trillions of dollars. So far, the “bad guys” are winning. So business owners need to do more than hope and pray that their businesses won’t be next.


If you have any questions about Enterprise Risk Management with a Captive Insurance Company as a means of addressing cyber risk in your countertop manufacturing, please don’t hesitate to reach out to me. Call 865-599-6104 or e-mail randy@cicservicesllc.com