Small Business
65% of Small Businesses Fail to Act Following Cyber Security Attack
Once bitten, twice (thrice or more) shy? Unfortunately, of the businesses that reported having a cyber attack, 44% of them said they "had been attacked two, three or four times."
Jun. 28, 2018
Are they putting their heads in the sand? A new survey shows that 65% of small businesses fail to act following a cyber security incident. And almost half, 47%, of small businesses had suffered at least one cyber attack in the past year.
Once bitten, twice (thrice or more) shy? Unfortunately, of the businesses that reported having a cyber attack, 44% of them said they “had been attacked two, three or four times.”
Those findings are from the results of the Hiscox Small Business Cyber Risk Report, which studies U.S. small businesses’ preparedness for cyber threats. The study also found:
- Cyber a Top Concern: Two-thirds of small businesses surveyed reported cyber risk as a top concern for potential business impact on their organization in the coming year.
- Lack of Strategy: Barely half (52%) of small businesses reported having a clearly-defined strategy around cyber security.
- Training: Less than one-third (32%) of small businesses have simulated phishing experiments to assess employee behavior and readiness in the event of an attack.
- Budget Catch-22: Despite keeping cyber threats as a top-of-mind concern, 50% of small businesses say they’re challenged by a lack of budget.
While budgeting for cyber-related resources is critical, people, processes and technology must also be incorporated to ensure cyber readiness. When it comes to cyber attacks, Hiscox recommends small businesses consider the following steps as best practices:
- Prevent: Involve and educate employees at all levels within the business. Have a formal budgeting process in place and ensure cyber security is considered and prioritized in decision-making.
- Detect: Include intrusion detection and ongoing monitoring on all critical networks. Track violations (including those that are successful and thwarted), and generate alerts using both automated monitoring and manual logging.
- Mitigate: Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities clearly defined. Regularly review response plans to integrate emerging threats and new best practices. Insure against financial risks with a stand-alone cyber policy or endorsement.
The 2018 Hiscox Small Business Cyber Risk Report™ focuses on the responses of US small businesses surveyed as a part of the Hiscox Cyber Readiness Report 2018™, which was released February 7, 2018.