Intelligent Automation Reasonable Safeguards
Press ? help · F fullscreen
Intelligent Automation·Managed IT & Cybersecurity

Reasonable Cybersecurity Safeguards.

Why every business — from Main Street to the enterprise — needs them, and what happens when they're missing.

Prepared by Intelligent Automation · July 2026

The purpose of this briefing

Why we're presenting this.

We run IT and security for businesses every day, and we keep seeing the same story. It's almost never exotic hacking — it's a missing basic safeguard, followed by a very bad month.

1

Understand the risk

What cybersecurity actually is — and what an incident actually costs.

2

See the consequences

Real breaches, real class actions, and real businesses that closed.

3

Leave with a plan

The specific safeguards regulators and courts call “reasonable.”

Everything in this deck is public data — FBI reports, insurer and industry studies, court records. Yes, we sell these services. The data is the same data regulators, insurers, and plaintiffs' lawyers are reading.

First principles

What is cybersecurity?

The ongoing practice of protecting your systems, your data, your money, and your people from digital attack, damage, or unauthorized access.

🔒

Confidentiality

Only the right people can see sensitive data — customer records, payroll, contracts, card numbers.

Integrity

Data can't be silently altered — bank details on an invoice, your prices, a patient's chart.

Availability

Systems work when the business needs them — email, point of sale, scheduling, production.

It is not an IT problem. It's a business-survival function — locks, fire code, and insurance for the digital half of your company.

The state of play

Why this matters right now.

Cybercrime is industrialized: ransomware groups run affiliate programs, help desks, and professional negotiators. The numbers reflect it.

$16.6B
losses reported to the FBI's IC3 in 2024 — up 33% in a single year
$10.2M
average cost of a U.S. data breach — an all-time high (IBM, 2025)
60%
of breaches involve the human element — phishing, stolen credentials, simple error (Verizon DBIR 2025)
241
days on average to identify and contain a breach — eight months of exposure (IBM, 2025)

Waiting is a strategy — it's just the attacker's strategy. Every one of these numbers moved against defenders who did nothing.

Sources: FBI Internet Crime Report 2024 · IBM Cost of a Data Breach Report 2025 · Verizon Data Breach Investigations Report 2025

The legal standard

“Reasonable safeguards” is a legal expectation.

See it for yourself

What an attack looks like — and what stops one.

A 2-minute briefing on what a breach actually looks like — plus a public-domain FTC series on the safeguards that stop them.

Watch — reasonable cybersecurity in 2 minutes

What a breach looks like — and what stops one.

A short briefing from Intelligent Automation: an ordinary Tuesday, one clicked link, and forty days of silent access — then the reasonable safeguards that would have stopped it.

Produced by Intelligent Automation, LLC · 2:00 min · download MP4 ↗

Watch — the safeguards, in plain English

Cybersecurity basics, from the FTC.

A short primer produced by the U.S. Federal Trade Commission — the same baseline regulators and insurers reference. Public domain, free to share.

Produced by the U.S. FTC · 1:28 min · download MP4 ↗ · more FTC videos ↗

Case files

Real breaches — and the safeguard that was missing.

Equifax

2017

147M people's data taken through one publicly known, unpatched server flaw. The fix had existed for months.

Missing: Routine Patching

Up to $700M in settlements; CEO, CIO and CSO gone.

Target

2013

40M payment cards stolen after attackers logged in with an HVAC vendor's credentials and roamed the network.

Missing: Vendor Access Controls

≈$200M+ in costs; CEO and CIO resigned.

Colonial Pipeline

2021

One old VPN password — no MFA — shut down the largest U.S. fuel pipeline and triggered East Coast panic buying.

Missing: Multi-Factor Authentication

$4.4M ransom paid; congressional hearings.

Change Healthcare

2024

Stolen credentials on a remote-access portal without MFA. ~190M Americans affected; pharmacies disrupted for weeks.

Missing: Multi-Factor Authentication

$2B+ in response costs — and still counting.

None of this was exotic. Every one traces back to a basic, affordable safeguard that wasn't in place.

The litigation wave

Breaches now arrive with lawyers attached.

1,488
data-breach class actions filed in U.S. federal courts in 2024 — more than double 2022 (604), and nearly 14× the 2018 total (108).
$593M
the top 10 data-breach settlements in 2024 alone. Roughly 40% of class-cert motions now succeed.

Landmark settlements

Equifaxup to $700M
2019 · incl. $425M consumer fund
T-Mobile$350M
2022 · plus $150M mandated security spend
Anthem$115M
2017 · 79M health records
Home Depot≈$200M
total breach costs, incl. settlements

Statutory damages do the plaintiffs' math: $100–$750 per California consumer. A breach of 50,000 records = up to $37.5M in exposure, before anyone proves a single loss.

Sources: Duane Morris Data Breach Class Action Review 2025 · public court records

How it unfolds

The breach is the cheap part — the cascade is the killer.

Breach

Systems locked, data stolen — often via one phished password.

Downtime

Weeks of disrupted operations. Payroll, orders, invoicing stall.

Reputation

Customers quietly leave. Lost business is among the largest breach costs (IBM).

Lawsuits & fines

Class actions, AG investigations, insurer disputes, notification costs.

Closure

For some businesses, the doors never reopen.

Reputational damage is the multiplier. It turns a bad month into a lost decade — and for the unprepared, into a closing notice.

When the cascade completes

The ones that didn't survive.

KNP Logistics (“Knights of Old”)

United Kingdom · 2023

A 158-year-old trucking firm. One guessed employee password let ransomware encrypt its data and its backups. Into administration — about 730 jobs lost.

Lincoln College

Illinois · 2022

A 157-year-old college. Ransomware crippled recruitment, retention, and enrollment systems during pandemic recovery. Closed permanently.

Wood Ranch Medical

California · 2019

Ransomware destroyed the clinic's patient records — and the backups. With no records left to practice on, it shut down for good.

St. Margaret's Health

Illinois · 2023

A 2021 ransomware attack froze billing and insurance claims for months — cited as a key factor in the hospital system's closure.

These weren't tech companies. Trucking, education, medicine — every business is a computer business now.

Impact — small business

You're not too small to be a target — you're the easy one.

43%

of cyberattacks target small businesses (Accenture)

88%

of ransomware breaches Verizon analyzed involved small businesses (DBIR 2025)

~60%

of small companies fold within six months of a major attack (widely cited industry estimate)

It's automated

Bots scan every business on the internet. Attackers don't choose you — their software finds you.

Real money, thinner defenses

SMBs hold bank access, card data, and customer PII behind lighter protection.

You're a stepping stone

Small vendors are the path into bigger partners — Target fell through its HVAC contractor.

Thin margins

Three weeks of downtime an enterprise absorbs can be terminal for a small business.

Impact — enterprise

Bigger walls — but a bigger blast radius.

Record breach costs

$10.2M average U.S. breach cost — an all-time high. Detection, escalation, and regulatory fines drive it up (IBM 2025).

Lost business leads the bill

Customer churn, stalled deals, and reputational drag are among the largest components of breach cost — and last the longest.

Regulators stack up

GDPR fines reach 4% of global revenue; Marriott paid £18.4M to the UK ICO. U.S. public companies must disclose material breaches within 4 business days (SEC).

Careers end at the top

Target's CEO and CIO, and Equifax's CEO, CIO, and CSO all departed after their breaches. Boards now treat cyber as a governance duty.

At enterprise scale, the breach itself is survivable — the churn, the fines, and the leadership fallout are what shareholders remember.

Impact — the owner's desk

Why owners and executives should care personally.

Criminal and civil exposure is real

Uber's chief security officer was criminally convicted over a breach cover-up (2022). The SEC charged SolarWinds and its CISO with fraud over security statements (2023).

Regulatory orders follow the person

The FTC's Drizly order bound the CEO personally — the security obligations follow him to future companies, not just the firm.

Insurance can walk away

Insurers have voided cyber policies where MFA was claimed but not actually deployed (Travelers v. ICS, 2022). Misstate your safeguards, lose your coverage when you need it most.

Your equity is the collateral

For an owner-operator, the company is the retirement plan. Reputational damage reprices it; a closure erases it.

The business decision

What safeguards cost — vs. what a breach costs.

Reasonable safeguards

A predictable line item
  • MFA — a few dollars per user, per month
  • Awareness training — a coffee budget per employee
  • Managed patching, backups, and monitoring — a fixed monthly service
  • Incident response plan — written once, tested yearly

One uninsured incident

An unbounded event
  • $10.2M average U.S. breach; small-business incidents routinely run six figures
  • Weeks of downtime, forensics, notification, and legal costs
  • Class-action exposure — $100–$750 per California record
  • Premium spikes, lost coverage, lost customers

Safeguards are a utility bill; a breach is a mortgage. And afterward, everyone — regulator, insurer, judge — asks one question: was your security reasonable?

The baseline

What “reasonable” looks like in practice.

🔐

MFA everywhere

Every login — especially email, banking, and remote access.

Patch on schedule

Updates applied promptly, and tracked so you can prove it.

💾

Tested backups

3-2-1 rule with an offline copy — and restore drills, not hope.

👁

24/7 monitoring

Endpoint detection that a human actually watches and acts on.

📚

Train your people

Phishing drills and habits — 60% of breaches involve humans.

🔑

Least privilege

People can only reach what their job actually requires.

🤝

Vet your vendors

Security requirements in contracts, limits on their access.

📋

Response plan

Who calls whom in hour one — in writing, rehearsed.

This maps to CISA's Cyber Essentials, the FTC's Cybersecurity for Small Business guidance, and the NIST Cybersecurity Framework — the same baseline courts, regulators, and insurers reference.

About us

Who we are — and why we brought you this data.

Who we are

Intelligent Automation is a managed IT and cybersecurity partner. We design, run, and document exactly these safeguards — identity and access, monitoring, patching, backups, training, and incident response — so businesses can prove their security is reasonable, not just hope it is.

Why we're presenting this

Because we see the aftermath firsthand — and the businesses that hear this early are the ones that never make the news.

Every number in this deck is public: FBI, IBM, Verizon, court dockets. Verify us. An informed owner makes better decisions — whether or not they ever hire us.

Daniel Ramos · Intelligent Automation · [email protected] · (888) 711-4521

Take the first step

Every business gets tested.

The only choice is whether your safeguards are ready when it happens.

1

Baseline assessment

A fast, honest map of your current gaps — what's reasonable already, and what isn't.

2

Prioritized roadmap

The highest-risk fixes first, sized to your budget and your industry's rules.

3

Documented safeguards

Ongoing monitoring, patching, backups, training, and response — with the paper trail to prove it.

[email protected] 📞 (888) 711-4521 Book a consultation →

Thank you — questions welcome.

1 / 17
Secured by IA