The healthcare industry is a veritable honeypot for cybercrime, replete with vast amounts of sensitive digital information that expands in number and scope daily, including personal medical data and payment card details. This data is increasingly attractive to hackers, particularly those using ransomware to lock out organizations and hold onto sensitive information until the organization pays up.

Arctic Wolf’s acquisition of Habitu8 is a bold step forward in advancing security awareness training programs as attacks like phishing and credential theft continue to thrive. With 85% of attacks against organizations starting with human error, it’s perhaps not surprising that we continue to see low-quality, antiquated, and severely dated content recycled through organizations.

Recently, I started to read the invaluable book Software Engineering at Google. It’s a great book by Google, describing their engineering practices across many different domains. One of the first chapters discusses the matter of making a “scalable impact,” which I find very interesting, and something that I believe has been overlooked by many organizations.

It’s no secret that cyber attacks are on the rise. Not only are they becoming more frequent, but the malicious actors who mount these attacks are constantly improving their skills and evolving the tools in their arsenals. Protecting your organization is challenging at best; especially since we measure the return on investment for cybersecurity as ‘preventing losses’ instead of ‘increasing revenue.’

After a year of high-profile cyberattacks and uncertainty caused by the extended pandemic, Arctic Wolf wanted to understand the impact this period has had on cybersecurity strategy and business overall. In August of this year, we commissioned a survey of over 1,400 senior I.T. decision-makers and business executives in the U.S., U.K., and Canada, and today we are publishing the results.

When smaller firms are hit by a cyberattack, the cost can be devastating. One out of four businesses with 50 or fewer employers report paying at least $10,000 to resolve an attack. And for organizations with fewer than 500 employees, insider incidents alone cost an average of $7.68 million, according to the Ponemon Institute's 2020 Cost of Insider Threats report.

For healthcare organizations, cybersecurity isn’t just about staying safe and protected from evolving cyber threats—it’s also about staying compliant. The most well-known healthcare regulation of them all is the Health Insurance Portability and Accountability Act (HIPAA), which recently celebrated 25 years on the books.