Only a quarter (26 per cent) of small business professionals see cybersecurity as a top priority for their organisation, according to new research by Direct Line business insurance. One in six (17 per cent) don’t see this as a priority at all.
The level of knowledge around cybersecurity is also poor, just 16 per cent of small business professionals rate their awareness as “excellent”, while 15 per cent say that it “isn’t good”. This is concerning given that nearly half of respondents (49 per cent) say that their organisation has experienced a cyber-attack. The reasons for these attacks have been diverse, including malware and phishing.
When it comes to why SMEs experienced a cyber-attack, human error accounts for almost half (42 per cent) of all cyber-attacks. This highlights the importance of cyber insurance as cybersecurity software won’t protect small businesses from this specific vulnerability. In addition, almost one in ten (eight per cent) businesses cited out of date patch software as to why they experienced a cyber-attack.
This table shows typical reasons for cyber incidents;
|Reasons for cyber-attack on small business||Percentage of small business professionals who said that this was the cause of the cyber-attack|
|The security breach occurred via a third party||20 per cent|
|Employee plugging in an external device containing malicious software||15 per cent|
|Employee clicking on an email or website containing malicious software||14 per cent|
|Employee accidentally divulging confidential information||13 per cent|
|We didn’t have any cyber security protection||13 per cent|
|Weak password protection||10 per cent|
|We hadn’t updated our systems with the latest patches for apps, software, and operating systems||8 per cent|
Source: Direct Line Business Insurance
The consequences of these cyber-attacks have been devastating for many businesses. Almost a quarter (24 per cent) have had to deal with costs associated with legal action, 23 per cent have had to deal with the financial implications of data recovery and 22 per cent have had to cope with severe brand reputational issues. Nearly one in five (19 per cent) enterprises lost business as a result. Yet just 24 per cent regard cyber insurance as essential for their business.
Recent research from the Cyber Security Breaches Survey also found that the average cost of a cyber-attack is a staggering £4,200. This is a huge cost for any business, but particularly for SMEs, which highlights even more the need for cover.
On a more positive note, more than half of small business professionals (53 per cent) agree that cybersecurity ought to be taken more seriously.
Within this group, 29 per cent said that this was because of cyber criminals becoming increasingly sophisticated in their scamming attempts. Over a quarter (26 per cent) said it’s because they are storing more customer, employee, supplier and third-party data on their systems and the same proportion stated it was because they had moved to an online business model and were therefore processing more information.
Alison Traboulsi, Product Manager at Direct Line business insurance commented: “Our latest research shows that small businesses continue to face a diverse range of cyber threats. Cyber criminals are clever, and phishing and malware continue to be a key cause of cyber security breaches. Criminals will look to catch unsuspecting employees off-guard and lure them in to doing something they shouldn’t, like opening an attachment in a fake email, sharing sensitive information, or inadvertently allowing them to bypass cybersecurity. If this happens and criminals get their hands on sensitive customer data, systems or access to bank accounts, the impact on businesses can be devastating.”
You can find out more about Direct Line’s cyber insurance services at the following webpage: https://www.directlineforbusiness.co.uk/small-business-insurance/cyber-insurance