As usual, Warren Buffet's 2019 shareholder letter has drawn attention for what some may consider to be a surprising risk to his insurance portfolio -- a cyber security disaster comparable to a catastrophic earthquake. He's talking about an event or string of events that disrupts society and shuts down businesses with a significant impact on the economy.
This article's author describes three approaches to adopt as a reaction to this threat. And they make sense for businesses of all sizes.
First, the author argues complacency is affecting CEOs. There are so many reported breaches and attacks, that it's beginning to be viewed as just a routine part of running a business. But others – probably small business owners -- negligently ignore the threats, feeling resigned to their inability to effectively deal with events that seems common but unpredictable like a tornado or other extreme weather disaster.
The second piece of advice is to accept the reality that the enemy has any individual company out-matched and that outsourcing to specialists is the only sensible place to begin (once your head is out of the sand). Here's where small businesses with limited resources, again, face special risk because they give up the fight. It’s like saying you aren’t going to sweep the sawdust and crumpled paper off of your shop floor just because you don't have an elaborate sprinkler system.
Finally, the author points out that the government may be warning business owners, but it's not going to help. Don't expect the FBI to roll back a ransomware attack or remediate your data breach. In fact, the regulatory arms of the government will hold you accountable for negligence (which includes inaction) as a lesson to others.