By Anthony Schoettle

Cybersecurity is among the hottest of tech topics today – and a recent study shows how Indiana entities are fending off hackers.

That’s vital because the list of businesses and other organizations that have been successfully targeted by hackers is growing daily. Indiana businesses and organizations recently facing cyberattacks include, Eskenazi Health, Herff Jones, Marion County Public Health Department, Kokomo-Howard Public Library, the city of Gary and Lawrence County Government Systems.

Conducted by Indiana University’s Kelley School of Business, Indiana Business Research Center and the University of Arizona, the study gives us the first glimpse of the state’s strengths and weaknesses when it comes to Hoosier cybersecurity.

The study – recently submitted to the Indiana Executive Council on Cybersecurity – was derived from more than 300 responses from various public and private entities including businesses, utilities and government and other organizations.

The report uncovered some encouraging – and troubling – findings.

One in five respondents reported being the victim of a successful cyberattack in the last three years. Half of those reported losing data as a result.

More than 80% of the responders said their organizations have taken steps to prevent cyberattacks.

Of the businesses and other organizations taking part in the study, 95% reported having installed antivirus software and more than 75% have updated or patched their existing software.

More than 70% have trained their employees on ways to reduce cyber-related risks. Other measures implemented include firewalls, spam filters, multi-factor authentication and hiring cybersecurity consultancies.

The development and implementation of a cyberattack response plan is on the rise, with 27% of the organizations saying they have one.

The management and point person dealing with cyberattacks varies. Only about 15% of the responding organizations said the responsibility rests on their chief information officer. The chief executives of 14% of the organizations in the study are in charge of managing cyberattacks.

Frighteningly, nearly one in five of responding companies reported either having no plan to combat cyberattacks or are unsure what to do to prevent them.

“Indiana organizations are by and large aware of the multifaceted cyber threats facing them, but the vast majority have not created incident response plans for how to manage data breaches that could result from these threats,” states Scott Shackelford, associate professor of business law and ethics, and chair of the IU Cybersecurity Program.

It’s important to note – especially to those that think a cyberattack won’t happen to them – that hackers are not always out to steal data. The point often is to hold an organization’s entire computer/IT system hostage and demand a ransom.

Shackleford says there is concern that there is no general agreement on how to manage cyber risks or even who should be leading that defense. Nor, he adds, is there a plan by many organizations to have employees work together and with their partners to facilitate cybersecurity.

There is a growing consensus on at least one issue: the importance of insurance against cyberattacks.

That’s not surprising. A huge increase in ransomware has spurred the interest. The U.S. was hit by a record barrage of ransomware attacks in 2019 that impacted at least 966 government agencies, educational establishments and health care providers at a potential cost of more than $7.5 billion, according to multiple sources.

The average cost of cyber insurance in the U.S. is $1,485 per year or $124 per month, according to AdvisorSmith, a New York-based research firm. That’s a lot less than paying to deal with a cyberattack after it happens. For small businesses, that cost averages around $36,000 to recover from a data breach, according to First Data, an Atlanta-based financial services company. For midsize and larger businesses, the cost can quickly increase into the triple digits.

More than half of the respondents in the Indiana study said they have purchased cyberattack insurance coverage with another 25% considering it.

Anthony Schoettle is the director of communications for the Indiana Chamber. He started with the Chamber in 2021 after a long career in journalism. He’s won multiple awards for his storytelling ability on a wide range of business topics.