Costly cyberattacks in every industry are becoming an increasing concern for companies across the nation. Breaches by hackers can compromise crucial company data. Hackers can shut down company computer systems and demand large ransoms to restore access to data. The breaches undermine customer trust in victimized companies and can jeopardize the reputation and financial stability of these firms.

Just how costly are cyberattacks? According to a study by IBM, the average cost of a data breach in 2021 is $4.24 million, up 10 percent from $3.86 million in 2019. Pandemic-era remote work has added to the expense. Companies adopting remote work in some form paid an average of $1.07 million more for damages related to data breaches.

Costs related to lost business – from customer turnover, new business acquisition and lost revenue due to system unavailability — account for 38 percent of data breach costs.

Given the proliferation and increasing sophistication of cyberattacks, it’s important for owners and managers to stay current on how data breaches most often take place. It’s also essential management understand and communicate to employees the latest best practices in avoiding the threat of cyberattack.

Cybersecurity must be an ongoing, not occasional, priority for business owners and managers, says Bob Hamaker, The Leaders Bank senior vice president of operations. “I’ll get an inquiry from a customer about cybersecurity, and I’ll say, ‘I’m glad you’re thinking about this,’” Hamaker says. “With manufacturers, it should be a concern. It seems players in the manufacturing industry are getting hit more and more.”

Approximately 80 percent of U.S. data breaches result from compromised passwords. This threat has grown greater since the onset of COVID-19 because more people have remote access to corporate systems, leading to inevitable intrusions by hackers. Many hackers have transitioned from malware to stealing credentials to gain entry to systems.

Then there’s email spoofing, which happens when hackers pose as trusted emailers and ask recipients to click on links that give them access to data. Domain impersonation occurs when scammers create domains that are almost identical to legitimate domains, except for one easily overlooked character. Another strategy is referred to as “name dropping.” In these instances, hackers create an email address that appears to be a secondary email of someone trusted by the recipient. One additional type of attack is launched by cybercriminals who gain access to the email system of a company vendor, then send emails that appear legitimate but aren’t.

Ransomware attacks are becoming more insidious. In the not-so-distant past, hackers merely locked systems and demanded ransom to regain access. Today, they invade the system, gather sensitive data, and demand payment in excess of the ransom to ensure the data is not made public. Before taking these steps, they find and destroy the company’s backup.

As inevitable as cyberattacks appear to be these days, there are proactive steps companies can take to reduce the threat. The first involves ongoing employee training, Hamaker says. “That’s your frontline people accepting email; they have to be trained about cyberattacks,” he adds.

“I’ll send out monthly emails to bank employees informing them of the newer things to watch out for. The bad actors are getting better and better at this, and end-users have to become all the better themselves.”

One way they can become better is to use more secure passwords. Hamaker actually prefers the use of a “passphrase” to password. “If you use special characters within, say, your dog’s name, you make the password harder to crack,” he reports. “If you have a 12-character password, and you’re not using a dictionary word, you’ve done your job. Use all four character types: Capital letter, small letter, special character and number.”

Using two-factor authentication for access to the company’s system represents another valuable measure. “That’s another line of defense for your data,” Hamaker reports. “[Hackers] could get the key to the kingdom, but not access the kingdom because they don’t have that second factor. They can knock on the door, but still fail to obtain entry.”

A final precaution: Make sure your company’s backup system is kept separate from its network. “That is so important because if bad actors get into the network and see the backup, they will destroy it,” Hamaker says. “Any type of backed up data has to be kept segregated from the network, with a separate set of credentials required to gain access for restoration.”


This article was written by Bill Gleason from Daily Herald, Arlington, IL. and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to


This article is not intended to provide tax, legal, accounting, financial, or other professional advice. Always consult a qualified professional about your personal situation.

The opinions expressed within this article is that of Bill Gleason and not that of M&T Bank, nor does M&T Bank endorse the opinions.


Share this page

If you are interested in sending this page to a friend or relative, please enter the following:

* Indicates required fields
+ Add another

No personal information (including e-mail addresses) about you or your friend will be collected from this e-mail notification feature offered by M&T Bank.

Please Note:

By clicking "ok" below, you will leave and enter a Third-Party Website.

Tenga en cuenta que:

Al hacer clic en “Aceptar”, abandonará e ingresará en el sitio web de un tercero.

Please note that:

  • The Third-Party Website is governed by a different set of terms and conditions and privacy policy than and you should review those terms, conditions and privacy policy prior to reviewing the content of the Third-Party Website
  • M&T is providing a link to the Third-Party Website as a convenience and does not necessarily control the content of, or endorse, the Third-Party Website, it's owner/operator or any information, products or services that are made available on or through it
  • M&T makes no representations or warranties regarding the information, products or services provided through the Third-Party Website

Such Third-Party Website's owner/operator may be regulated by governmental entities and laws that are different than those that regulate M&T.

Tenga en cuenta que:

  • El sitio web de un tercero está regido por un conjunto de términos y condiciones y una política de privacidad diferentes que, por lo tanto, deberá revisar esos términos y condiciones y la política de privacidad antes de evaluar el contenido del sitio web de un tercero
  • M&T le proporciona un enlace al sitio web de un tercero para su comodidad y no necesariamente tiene control sobre el contenido, o se adhiere, al sitio web del tercero, su propietario/operador o ni a ninguna parte de la información, producto o servicio que se ofrezca a través de él
  • M&T no ofrece declaraciones ni garantías respecto de la información, productos o servicios prestados a través del sitio web de un tercero

El propietario/operador de ese sitio web de un tercero podría estar regulado por entidades gubernamentales o leyes que son diferentes a aquellos por los que está regulado M&T.