A report compiled by the insurance provider, Hiscox, has revealed that whilst almost half of small businesses in the US have been struck by a cyber-attack in the last year, only 35% responded in some way. 1,000 US companies were questioned, and the results proved troubling.
The report found that just over half of small businesses, 52% to be exact, had a clearly defined cyber-attack response strategy in place, with the remaining 48% claiming to have none. Only 32% had carried out phishing exercises to assess risk and employee response. Despite this unpreparedness, two thirds of the companies surveyed ranked the risk of cyber-attacks among their top concerns.
Small Businesses particularly at Risk
Compared to their larger counterparts, it appears that small businesses are far more vulnerable to both cyber incidents themselves, and the effects they can have. Hiscox found that only 21% of small businesses have a dedicated cyber insurance policy in place, whereas 58% of large firms do. Only 16% of the small businesses surveyed said they felt ‘very confident’ in their readiness to deal with cyber security threats.
Since 65% of these small businesses made no changes following an attack, repeated incidents emerged as an issue. Of the 47% of small businesses which have fallen victim to a cyber-attack in the last year, 44% have undergone two, three, or four.
The Cost of a Cyber-Attack
Cyber-attacks can be a stressful and nerve-wracking experience for employers and employees alike, but the financial cost can be just as great as the emotional one. The average cyber security incident will cost a small to medium sized business $34,604. For larger organisations, the cost is significantly higher – $1.05 million dollars per attack. Alongside this initial costs, hacking incidents can damage a brand’s reputation, causing them to lose valuable customers and revenue. These attacks can be even harder for smaller businesses to recover from, since they generally have smaller budgets and client bases.
Hiscox found that many firms struggle to implement strong cyber-attack policies because of budget limitations. Because these attacks can have such a devastating effect on business, though, they recommended that more organisations make protection a budget priority.
After compiling this data, Hiscox recommend that small businesses implement a specific strategy to protect against cyber-attacks. For organisations of this size, the process will likely involve outsourcing to a specialist consultant. Hiscox advises that this is a cost effective way for smaller businesses to access the resources and knowledge they need to stay safe.
Hiscox also suggest that employees of all levels are made aware of their company’s cyber-attack strategies; how to best prevent these crimes, and how the effects can be mitigated if one should happen. This should involve training for all staff, with particular focus on how to protect sensitive data. Finally, Hiscox recommended that businesses put one person in charge of cyber security overall, to ensure that employees know who to voice their concerns to, and they receive all relevant information.