MONDAY, OCTOBER 24, 2016
Cyberattacks on small businesses are a real and growing problem, and the latest research by Nationwide shows owners are not prepared.
Small businesses fall into hackers’ cybersecurity sweet spot — they have more digital assets to target than an individual consumer has, but less security than a larger enterprise, according to Nationwide.
“Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets,” said Mark Berven, president of Columbus, Ohio-based Nationwide Property & Casualty.
Insurance agents can play a crucial role in assisting small-business owners understand their cyber risks and insurance options.
The Small Business Indicator study was conducted online by Harrris Poll on behalf of Nationwide from June 10-23. Respondents to the survey were comprised of 502 U.S. small-business owners of companies with less than 300 employees.
Results are weighted to be representative of small-business owners in the U.S. Research participants were drawn from the Harris Poll Online research panel and partner sample.
Here are 10 insights into how small-business owners perceive their cyber risk and their need for cyber insurance:
1. Most small businesses still don't have a cyberattack response plan.
Larger companies and mid-size companies are more likely than smaller companies to have a cyberattack plan in place.
Of the small-business owners surveyed, 78 percent don't have a cyberattack response plan, even though more than half (54 percent) were victims to a least one type of the following attacks:
Computer virus: 37 percent.
Phishing: 20 percent.
Trojan horses: 15 percent.
Hacking: 11 percent.
Unauthorized access to customer information: 7 percent.
Unauthorized access to company information: 7 percent.
Data breach: 6 percent.
Issues due to unpatched software: 6 percent.
Ransomware: 4 percent.
2. Just over half of small-business owners understand cyber insurance policies.
About 1 in 10 (11 percent) of small-business owners don't know if their insurance covers losses due to cyberattacks.
Of small-business owners whose insurance covers losses due to cyberattacks, most utilize an insurance agent or insurance carrier’s risk management resources.
While most survey respondents understand insurance coverage overall (87 percent), many have gaps in their business insurance coverage (45 percent).
3. The majority are at least somewhat concerned about a potential cyberattack affecting their business.
The survey found that 1 in 10 small business owners are very concerned about a potential cyberattack, while over two in three small-business owners are at least somewhat concerned.
Here's a breakdown of the responses to the question, "How concerned are your with a potential cyberattack affecting your business?":
Very concerned: 10 percent.
Concerned: 17 percent.
Somewhat concerned: 41 percent.
Not at all concerned: 32 percent.
Larger (86 percent) and mid-size (88 percent) companies are more likely to be concerned about potential cyberattacks than are smaller companies (59 percent).
Millennial small-business owners are the most likely to be very concerned about a potential cyberattack affecting their business (26 percent vs. 8 percent Gen X, 7 percent Baby Boomers).
4. Recovery time from a cyberattack takes longer than expected.
Of those who have not encountered a cyberattack, over half of small-business owners (57 percent) say their company could recover within a month.
However, 60 percent of those who did experience a cyberattack, say it took longer than a month to recover.
5. Nearly all are at least somewhat confident in their ability to recover from a cyberattack.
The percent of respondents who are "confident" in their ability to recover from a cyberattack is down nine percentage points from 2014 (31 percent vs. 40 percent).
Only 5 percent of small-business owners are "Not at all confident" in their ability to recover from a cyberattack.
Gen Xers are least likely to feel "confident/very confident" about financially bouncing back from a breach (61 percent vs. 78 percent Millennials, 77 percent Baby Boomers).
6. Most say cybersecurity insurance is too expensive.
Seven in 10 (71 percent) of small-business owners say cybersecurity insurance is too expensive.
7. Most acknowledge it's increasingly important to keep customers’ data secure to build trust.
A total of 88 percent of respondents "strongly agree" or "somewhat agree" that it's becoming increasingly important to keep customers' data secure to build trust.
About two-thirds (64 percent) of small-business owners say they use encryption services to protect customer data.
Almost half (46 percent) admit they don't fully understand cyberattacks, still 3 in 5 (62 percent) say they feel they have adequate cybersecurity training.
8. Over half have trained employees on what to do if a suspicious message is discovered and how to detect phishing scams.
About half (48 percent) have trained their employees on how to back up customer information every day to a cloud or hard drive.
Two in 5 have trained employees how to protect business information on mobile devices.
Only about 1 in 4 (24 percent) of small-business owners have trained employees to take all of the following security measures:
What to do if a suspicious message is discovered.
How to detech phishing scams via email or social media.
To back up customer information every day to a cloud or hard drive.
How to protect business informaiton on mobile devices.
9. Small-business owners believe financial and reputational recovery may take longer than fixing a cybersecurity breach.
More than 6 in 10 (63 percent) say the data breach would be corrected in less than three months, while fewer small-business owners believe their reputation (56 percent) or finances (53 percent) would recover in the same amount of time.
Smaller companies expect a shorter time for their reputation to recover: 66 percent of smaller companies say their reputation would recover in less than three months, compared to 36 pecent each for mid-size and larger companies.
10. To help small-business owners and their insurance agents create a cybersecurity plan, here are some helpful tips:
Guard your physical perimerter to prevent hackes from accessing sensivite data and your company's computer network.
Educate your employees because they are your company's first line of defense against cyber criminals.
Activate your firewall to block connections that are used to hack into your system and deliver viruses.
Install and regularly update spyware, anti-virus and malware software to help prevent and detect any of those from affecting your computers.
Use stronger passwords of 8-10 characters that include letters, numbers and special characters. Change passwords regularly.
Secure your WiFi networks to prevent hackers from accessing your servers or using your internet connection without your knowledge.
Set social network profiles to private and check security settings. Also, be mindful of what information is posted online.
Encrypt your most sensitive data, make a backup and store it in a fireproof safe or offsite. Use a dedicated computer for all sensitive information.
Carefully select online computing services. Any information you share with vendors can be compromised by their system.
Acquire cyber insurance to cover losses in case of a breach or fraud.
Post a Comment
Required (Not Displayed)
All comments are moderated and stripped of HTML.
Enter the Validation Code from above.
NOTICE: This blog and website are made available by the publisher for educational and informational purposes only.
It is not be used as a substitute for competent insurance, legal, or tax advice from a licensed professional
in your state. By using this blog site you understand that there is no broker client relationship between
you and the blog and website publisher.