Cyber Risk Report: 65% of Small Firms Fail to Respond to Cyberattacks
Small businesses are less likely than their larger counterparts to prepare for cyberattacks, according to a survey of 4,103 cybersecurity professionals from small businesses conducted by international specialist insurer Hiscox.
Key findings from the Hiscox “2018 Small Business Cyber Risk Report” included:
- 65 percent of respondents said they have failed to respond following a cybersecurity incident.
- 48 percent lack a clearly defined cybersecurity strategy.
- 47 percent experienced at least one cyberattack in the past 12 months; 44 percent experienced two, three or four attacks; and 8 percent had five or more attacks.
- 46 percent have no defined leadership role dedicated to cybersecurity.
- 32 percent have conducted phishing exercises to assess employee behavior and readiness in the event of a cyberattack.
- 21 percent have a cyber insurance policy.
- 16 percent are very confident in their cybersecurity readiness.
In addition, small businesses estimated that their average cost for cyber incidents in the last 12 months was $34,604, Hiscox indicated. By comparison, large businesses projected that their average cost for cyber incidents in the last 12 months was $1.05 million.
What Are the Key Traits of a Cybersecurity Expert?
Hiscox noted several characteristics associated with cybersecurity experts. These traits include:
- Possess cybersecurity training and awareness.
- Use a clearly defined cybersecurity strategy.
- Implement changes after a data breach.
- Conduct phishing exercises.
- Buy cyber insurance.
Approximately 70 percent of small businesses are unprepared to deal with cyberattacks, Hiscox stated. However, small businesses that allocate time and resources to learn about cyber threats can take the necessary steps to limit the impact of cyberattacks.
Cybersecurity Best Practices for Small Businesses
Hiscox offered the following cybersecurity best practices for small businesses:
- Create a cybersecurity plan. Prioritize cybersecurity across all business departments, employ a cybersecurity leader and identify and follow industry compliance requirements.
- Deploy a human firewall. Teach new and current employees about cybersecurity. Furthermore, perform phishing exercises to help workers prepare for cyberattacks and incorporate cybersecurity into annual employee reviews.
- Purchase cyber insurance. Determine which cyber insurance coverage is in place and add coverage as needed.
Outsourcing cybersecurity to managed security service providers (MSSPs) is also an effective option for small businesses, Hiscox noted. MSSPs can help a small business increase cybersecurity preparedness across its workforce, lower its cybersecurity costs and enhance its cybersecurity program.