Small businesses are leaving themselves exposed to significant financial risk from cybercrime by not having adequate measures in place to recover in the event of a cyber attack. That’s according to the findings of InsuranceBee’s Cyber Survey, which asked more than 1,000 SMBs how prepared they are to deal with cybercrime.
Although the average cost for small and medium-sized businesses to recover from a cyber attack is estimated to be $120,000, 83% of SMBs do not have any money reserved to get back to business as usual should a breach occur. A quarter were unaware it would cost money to put things right.
For those small business owners who have put money aside (17%) the focus is very much on recovering earnings, and IT-related costs, including purchasing new hardware and software. Few have considered reputation management (6%) or customer service (5%) and less than 10% stated that they had sufficient funds to pay for legal fees should a customer sue. A quarter (23%) have simply estimated what would need to be spent if an attack occurred.
Additionally, 54% of SMBs do not have a plan in place to deal with a cyber attack, with 20% stating that they would react if and when an incident occurred.
Lack of understanding
More than half (52%) of small business owners think it is unlikely their company will be a victim of a cyber attack. 6% think it will never happen.
Maureen Brogie, Senior Advisor, InsuranceBee said: ”Cyber insurance isn’t just for online firms. Just opening an email can threaten your business. Cyber attacks on SMBs are on the rise, but few have a solid contingency plan in place, let alone insurance.
Although many small business owners admit to being unprepared, 25% believe a cyber attack is a matter of ‘when’, not ‘if’, with a quarter also planning to ‘do more to prevent cyber attacks’. Despite being aware of the risks, 91% do not have a cyber liability policy, and 54% stated they do not know what a cyber policy covers.
Source: Help Net Security