Cyberattacks on small businesses are a real and growing problem,and the latest research by Nationwide showsowners are not prepared.

|

Small businesses fall into hackers’ cybersecurity sweetspot — they have more digital assets to target than anindividual consumer has, but less security than a largerenterprise, according to Nationwide.

|

“Cyber criminals are getting more sophisticated and realizingthat small businesses are easy targets,” said Mark Berven,president of Columbus, Ohio-based Nationwide Property &Casualty.

|

Insurance agents can play a crucial role in assistingsmall-business owners understand their cyber risks and insuranceoptions.

|

Survey methodology


The Small Business Indicator study wasconducted online by Harrris Poll on behalf of Nationwide from June10-23. Respondents to the survey were comprised of 502 U.S.small-business owners of companies with less than 300employees.

|

Results are weighted to be representative of small-businessowners in the U.S. Research participants were drawn from theHarris PollOnline research panel and partner sample.

|

Related: Friday's cyber attacks a 'wake-up call' forinsurers and public alike

|

Here are 10 insights into how small-business owners perceivetheir cyber risk and their need for cyber insurance:

|

|

Small-business owner

|

Cybersecurity is a low priority for many small-businessowners because the threat is not palpable. (Photo:iStock)

|

1. Most small businesses still don't have a cyberattackresponse plan.


Larger companies and mid-size companies are more likely thansmaller companies to have a cyberattack plan in place.

|

Of the small-business owners surveyed, 78 percent don't have acyberattack response plan, even though more than half (54 percent)were victims to a least one type of the following attacks:

  • Computer virus: 37 percent.
  • Phishing: 20 percent.
  • Trojan horses: 15 percent.
  • Hacking: 11 percent.
  • Unauthorized access to customer information: 7percent.
  • Unauthorized access to company information: 7percent.
  • Data breach: 6 percent.
  • Issues due to unpatched software: 6percent.
  • Ransomware: 4 percent.

Related: What's your data breach responseplan?

|

|

cyber insurance

|

A larger number of small-business owners don't know if theyhave insurance that covers potential cyber losses. (Photo:iStock)

|

2. Just over half of small-business owners understand cyberinsurance policies.


About 1 in 10 (11 percent) of small-business owners don't know iftheir insurance covers losses due to cyberattacks.

|

Of small-business owners whose insurance covers losses due tocyberattacks, most utilize an insurance agent or insurancecarrier’s risk management resources.

|

While most survey respondents understand insurance coverageoverall (87 percent), many have gaps in their business insurancecoverage (45 percent).

|

Related: 3 things to do when looking for cyberinsurance

|

Cyber threat

|

The survey found that 1 in 10 small-business ownersare very concerned about a potentialcyberattack. (Photo: iStock)

|

3. The majority are at least somewhat concernedabout a potential cyberattack affecting their business.


The survey found that 1 in 10 small business owners are veryconcerned about a potential cyberattack, while over two in threesmall-business owners are at least somewhat concerned.

|

Here's a breakdown of the responses to the question, "Howconcerned are your with a potential cyberattack affecting yourbusiness?":

  • Very concerned: 10 percent.
  • Concerned: 17 percent.
  • Somewhat concerned: 41 percent.
  • Not at all concerned: 32 percent.

Larger (86 percent) and mid-size (88 percent) companies aremore likely to be concerned about potential cyberattacks than aresmaller companies (59 percent).

|

Millennial small-business owners are the most likely to be veryconcerned about a potential cyberattack affecting their business(26 percent vs. 8 percent Gen X, 7 percent Baby Boomers).

|

Related: Data breaches continue to increase, according tofigures from Beazley

|

|

Recovery costs

|

Of those attacked, 60 percent of small-businessesvictims said it took more than one month torecover. (Photo: iStock)

|

4. Recovery time from a cyberattack takes longer thanexpected.


Of those who have not encountered a cyberattack, over half ofsmall-business owners (57 percent) say their company could recoverwithin a month.

|

However, 60 percent of those who did experience a cyberattack,say it took longer than a month to recover.

|

Related: How to develop a cyber strategy

|

|

Recovering from a cyber attack

|

(Photo: iStock)

|

5. Nearly all are at least somewhat confident in their abilityto recover from a cyberattack.


The percent of respondents who are "confident" in their ability torecover from a cyberattack is down nine percentage points from 2014(31 percent vs. 40 percent).

|

Only 5 percent of small-business owners are "Not at allconfident" in their ability to recover from a cyberattack.

|

Gen Xers are least likely to feel "confident/very confident"about financially bouncing back from a breach (61 percent vs. 78percent Millennials, 77 percent Baby Boomers).

|

Related: 6 steps to take to evaluate cyberrisk

|

|

Cyber insurance cost

|

(Photo: iStock)

|

6. Most say cybersecurity insurance is too expensive.


Seven in 10 (71 percent) of small-business owners say cybersecurityinsurance is too expensive.

|

Related: 6 things agents need to know about basic securityfor cyber coverage

|

|

Customer data

|

(Photo: iStock)

|

7. Most acknowledge it's increasingly important to keepcustomers’ data secure to build trust.


A total of 88 percent of respondents "strongly agree" or "somewhatagree" that it's becoming increasingly important to keep customers'data secure to build trust.

|

About two-thirds (64 percent) of small-business owners say theyuse encryption services to protect customer data.

|

Almost half (46 percent) admit they don't fully understandcyberattacks, still 3 in 5 (62 percent) say they feel they haveadequate cybersecurity training.

|

Related: What are the leading causes of data securitybreahces?

|

|

Cyber training

|

(Photo: iStock)

|

8. Over half have trained employees on what to do if asuspicious message is discovered and how to detect phishingscams.


About half (48 percent) have trained their employees on how to backup customer information every day to a cloud or hard drive.

|

Two in 5 have trained employees how to protect businessinformation on mobile devices.

|

Only about 1 in 4 (24 percent) of small-business owners havetrained employees to take all of the following securitymeasures:

  • What to do if a suspicious message is discovered.
  • How to detech phishing scams via email or social media.
  • To back up customer information every day to a cloud or harddrive.
  • How to protect business informaiton on mobile devices.

|

Reputation recovery

|

Recovery from a cybersecurity breach may include damagecontrol to a business' reputation. (Photo:iStock)

|

9. Small-business owners believe financial andreputational recovery may take longer than fixing a cybersecuritybreach.


More than 6 in 10 (63 percent) say the data breach would becorrected in less than three months, while fewer small-businessowners believe their reputation (56 percent) or finances (53percent) would recover in the same amount of time.

|

Smaller companies expect a shorter time for their reputation torecover: 66 percent of smaller companies say their reputation wouldrecover in less than three months, compared to 36 pecent each formid-size and larger companies.

|

Related: More businesses are using insurance to manage theircyber risk

|

|

Cybersecurity plan

|

A cybersecurity plan should include an analysis of thebenefits of cyber insurance to cover losses in case of a breach orfraud. (Photo: iStock)

|

10. To help small-business owners and their insurance agentscreate a cybersecurity plan, here are some helpful tips:

  • Guard your physical perimerter to prevent hackes from accessingsensivite data and your company's computer network.
  • Educate your employees because they are your company's firstline of defense against cyber criminals.
  • Activate your firewall to block connections that are used tohack into your system and deliver viruses.
  • Install and regularly update spyware, anti-virus and malwaresoftware to help prevent and detect any of those from affectingyour computers.
  • Use stronger passwords of 8-10 characters that include letters,numbers and special characters. Change passwords regularly.
  • Secure your WiFi networks to prevent hackers from accessingyour servers or using your internet connection without yourknowledge.
  • Set social network profiles to private and check securitysettings. Also, be mindful of what information is postedonline.
  • Encrypt your most sensitive data, make a backup and store it ina fireproof safe or offsite. Use a dedicated computer for allsensitive information.
  • Carefully select online computing services. Any information youshare with vendors can be compromised by their system.
  • Acquire cyber insurance to cover losses in case of a breach orfraud.

Related:

|

More companies are buying cyber coverage,Marsh says

|

Insurance for small businesses a growthopportunity, report says

|

Is your business prepared for weather and cyberrisks?

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

  • All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
  • Educational webcasts, resources from industry leaders, and informative newsletters.
  • Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Commercial Lines
Workers' Comp