Small Businesses and the Threat of Cyberattacks
Cyberattacks on large companies such as Target, Equifax, Sony, and others have been big news while attacks on smaller organizations tend not to attract much attention. Media focus on the damage done to large businesses may be one reason why small and medium-sized businesses are less aware of and less prepared for the potential threat of cyberattacks. The reality is that these companies should be very concerned about cybersecurity. Small and medium-sized businesses are squarely in crosshairs of cybercriminals.
The 2017 State of Cybersecurity in Small & Medium-Sized Businesses report from the Ponemon Institute analyzed data from over 600 respondents. Here are a few of the more sobering findings:
- 61 percent have experienced a cyberattack in the past 12 months, up from 55 percent in 2016.
- 54 percent had data breaches involving customer and employee information in the past 12 months.
- The average cost of these attacks was $2,235,000 including $1,208,000 in disruption to normal operations.
- 52 percent described the cyberattacks as ransomware, up from 2 percent in 2016.
- Only 21 percent describe their organization’s IT security posture regarding cybersecurity as very effective.
- When asked to describe the challenges preventing their organization’s IT security posture from being fully effective, 73 percent named insufficient personnel and 56 percent named insufficient budget.
The growing number and frequency of cyberattacks on small and medium-sized businesses does not necessarily mean that they are being explicitly targeted, rather that these organizations are more vulnerable. In either interpretation, the data indicates that small and medium-sized businesses need to get serious about protecting their systems and information.
MiniCo Insurance Agency is launching a new cyber liability insurance product to address these incidents. Coverage will address security and privacy liability, crisis-management costs, data recovery and loss of business income, regulatory defense and remediation costs, and cyber extortion.
The intent of this message is to heighten the awareness of this exposure. It is highly recommended that you schedule a meeting with your insurance agent to identify potential exposures, review implementation of preventive measures, and identify the appropriate cyber liability coverage solutions for your organization.
President and CEO