SECURING THE FUTURE THE CRITICAL ROLE OF CYBERSECURITY IN BUSINESS LENDING BY NOAH POTTI, CO-FOUNDER, ADVERSIS — A CYBER RISK MANAGEMENT COMPANY GUEST ARTICLE a growing threat that can significantly impact an SMB’s financial stability: cyber threats and the security measures (or lack thereof) that the business has in place. The cyber threat landscape continues to change, with SMBs increasingly becoming targets. According to a report by Verizon, nearly half of cyberattacks target small businesses — virtually any business with a bank account. Yet, many SMBs lack robust cybersecurity measures. A recent report by the cyber insurance firm Hiscox highlights that businesses with novice or immature security practices have breach costs 2.5x higher than those with mature practices. Such incidents can have a dire impact on an SMB’s operations and finances. A cyberattack can lead to substantial direct costs such as ransom payments, data recovery expenses and downtime. Indirect costs include reputational damage and loss of customer trust, which can have long-term financial implications. Other industry data shows real-world costs to businesses ranging from $8,000 on the low end to nearly $300,000 on average per data breach and into the multi-millions for organizations under regulatory compliance regimes. A cyber incident can disrupt business operations, leading to loss of revenue and potential legal liabilities. For example, Adversis recently worked with a midsized company recovering from the compromise of an administrative Microsoft 365 account, losing access to all data stored in its Sharepoint repositories and sending thousands of malicious emails to its business partners. On top of the response costs, the company spent many hours and several sleepless nights concerned about the impact on future contracts. This directly affects an SMB’s ability to service debt. If a substantial portion of their revenue is diverted to addressing cyber incident repercussions, their capacity to make regular loan payments may be compromised. Recognizing this risk, it’s prudent for banks to integrate cybersecurity assessments into their loan evaluation process. This doesn’t mean becoming cybersecurity experts but rather ensuring there is a basic cybersecurity strategy or information security program in place. IIn late 2020, a small New Jersey medical practice experienced a data breach that exposed health info and social security numbers of 1,600 patients. The breach was caused by a server misconfiguration during a software update by the practice owner. The error allowed public access to sensitive patient information on a file transfer site without a password. This exposed data was automatically made searchable by Google and accessible online. The New Jersey Attorney General assessed a $200,000 fine for the misconfiguration and data loss. The firm’s primary clients canceled their contracts. The company closed its doors shortly after. Traditional assessment criteria have long been the bedrock of decisionmaking for banks and financial institutions when considering small- and medium-sized business (SMB) lending. These criteria typically revolve around credit history, financial stability, cash flow and market conditions. However, a new factor is emerging as a crucial element in evaluating loan risks for SMBs: cybersecurity. Currently, when a bank assesses an SMB for a potential loan, the focus predominantly lies on the business’s financial health. This includes scrutinizing balance sheets, profit and loss statements, and the business owner’s personal credit history. The aim is to gauge the business’s ability to repay the loan. However, this traditional approach often overlooks 22 Community Banker
RkJQdWJsaXNoZXIy MTg3NDExNQ==