Smaller firms now have a better than evens chance of being hacked, so it’s important to have a crisis plan for when you’re targeted.
Most small businesses will experience growing pains and one of the biggest threats now faced is a cyber attack. While incidents involving global corporations grab the headlines, a small business is hacked roughly every 19 seconds. Hiscox’s research shows that it is now more likely than not (59%) that an SME will be attacked.
According to a recent survey within the Hiscox Cyber Readiness Report of 2019, the average cost of attacks has spiraled upwards.* A stark illustration of the escalating threat is that specialist insurer Hiscox has seen a 1,700% increase in claims against cyber insurance policies between 2013 and 2017.
Nearly half of small firms (with less than 50 employees) were attacked, up from a third in 2018. But there’s also been a surge in hacks against medium-sized businesses. Nearly two thirds of companies with less than 250 employees fell victim to attack, a big jump on the previous year (36%).
The total cost of all cyber-related incidents against a medium-sized firm has also skyrocketed from an average total of £35,000 in 2018 to £145,000 this year (with the average cost of the largest incident now being £75,000, more than ten times higher than the £7,000 bill in 2018).
Most companies unprepared for cyber threat
Despite GDPR and many high-profile hacks, more companies are failing Hiscox’s cyber readiness test, which rates them against cyber security best practice. More than seven out of ten UK companies (72%) are classed as being cyber-security ‘novices’. That’s not the worst – Companies in France top the list with 81%. But it’s not the best either – lagging behind companies in Germany, which has the highest proportion of ‘expert’ companies.
Hiscox’s research suggests that although aware of the threat, UK businesses seem to regard spending on IT security technology and training as less of a priority. British firms have the lowest cyber security budgets of any country surveyed.
Hiscox’s research also reveals that firms with fewer than ten employees spend an average of £5,000 on cyber security, while those with a staff of fewer than 50 spend £30,000. Ask yourself how seriously you take the threat by comparing your IT security spending with the average budget.
The ‘human factor’
Your employees are your first line of defence, but also a potential blind spot. Nearly half of the cyber claims Hiscox received in 2018 involved some element of human error, such as a staff member clicking on an email containing malware, visiting an unsafe website or losing a work-related electronic device.
The main cause of claims is from business emails being hijacked, where cyber criminals break into an employee’s email account and then impersonate them to steal money or information. Hiscox’s next biggest source of a cyber-related claim is from ransomware.
So, the ‘human factor’ in cyber attacks is important, which is why it’s crucial to train your staff to spot a phishing or social engineering scam. Hiscox launched its online training platform, the CyberClear Academy, a year ago in an effort to help their customers defend against the online threat, and thousands of companies are already using it.
Supply chains now weak links
Supply chains are becoming a cyber security vulnerability, with nearly 60% of UK companies telling Hiscox they had suffered one or more cyber attacks in the past year due to a problem in their supply chain. They’re a firm’s weak underbelly so make sure your partners’ cyber security is up to scratch.
The cloud brings benefits, but also risks. More than one in five businesses surveyed reported problems resulting from outages in their third-party cloud service. Also, as companies increasingly store their information there, the cloud is now an attractive target for hackers. They will “take advantage of the fact that many businesses put too much faith in the cloud providers and don’t stipulate how and where their data is stored” to steal their information, state the National Cyber Security Centre and the National Crime Agency.
Cyber attacks have become increasingly frequent and volatile. Thousands of businesses are being hacked every day, so they need a plan to deal with an attack, as it’s now a case of when, not if, hackers will strike against a firm. Cyber insurance can be a cost-effective crisis plan for SMEs to deal with a threat that could, if they’re not prepared, sink them.
*Hiscox Cyber Readiness Report 2019, survey of 5,400 organisations across UK, Europe and US.
Cyberclear, Hiscox’s Cyber and Data Risks Insurance, has been ranked the most comprehensive policy by the Insurance Times. It is designed to support and protect your business if it experiences a data breach or is the subject of an attack by a malicious hacker that affects its computer systems. As an IoD member, you can save 5% for the lifetime of your policy with our preferred partner, Hiscox.
0800 280 0354
Find out more