NEWS – Annual Cyber Attack Costs $25k for US Small Business Says Hiscox SurveyRamon Ray
Hiscox, the international specialist insurer, reveals that in the past 12 months 23% of small businesses suffered at least one cyber attack, with an average annual financial cost of $25k. Although small businesses quickly adapted to remote working, it has left many feeling more vulnerable to cyber attacks.
The Hiscox Cyber Readiness Report 2021™ gauges businesses’ preparedness to combat cyber incidents and breaches. Now in its fifth year, the study surveys over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland who are responsible for their company’s cyber security.
Key findings specific to the 590 US small businesses surveyed (under 250 employees) include:
- Small business doesn’t mean small costs: the average financial cost of cyber attacks to a US small business over 12 months is high at $25,612.
- The pandemic creates ‘cyber-stress’ for small businesses: With 63% of the small business workforce now working remotely, over half (53%) of US small businesses believe they are more vulnerable to cyber attacks. Securing the company servers, the most common point of entry for cyber criminals, is a critical step to minimizing vulnerabilities.
- Priorities are mismatched when it comes to partners: For small businesses, the most critical priority over the next 12 months is complying with security requirements of their business partners (20%), over their own existing threats and vulnerabilities (18%). However, over one in three US small businesses (35%) do not fully disclose to all relevant internal and external stakeholders when a cybersecurity incident has occurred.
- Cyber protection is set to grow: Although 49% of US small businesses do not currently have a cyber insurance policy, 39% expect their cyber security spending to increase over the next 12 months.
Meghan Hannes, Cyber Product Head for Hiscox USA commented, “Small business can mean big business for cyber criminals. We know the financial impacts of cyber attacks can be substantial, and small businesses are increasingly feeling ‘cyber stress.’ The good news is, there are measures businesses can take to help mitigate the risk.”
To ensure cyber readiness in the new virtual world of work, small businesses must consider people, processes and technology. When it comes to preventing and managing cyber-attacks, Hiscox recommends taking the following steps:
- Prevent: Involve and educate employees at all levels within the business. Have a formal budgeting process in place and ensure cyber security is considered and prioritized in decision-making.
- Detect: Include intrusion detection and ongoing monitoring on all critical networks. Track violations (including those that are successful and thwarted), and generate alerts using both automated monitoring and manual logging.
- Mitigate: Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities clearly defined. Regularly review response plans to integrate emerging threats and new best practices. Insure against financial risks with a stand-alone cyber policy or endorsement.