KEY TAKEAWAY:
--SMEs are vitally important to the U.S. economy but are, for now, low-hanging fruit for hackers for a host of reasons.
----------
Small and medium-sized enterprises (SMEs) are extremely attractive targets for cybercriminals. Heavy reliance on external vendors exposes SMEs to risks, as many lack the necessary expertise and resources to thoroughly assess the security posture of their vendors. If a vendor has weak security practices or fails to adequately protect their systems, cybercriminals can exploit weaknesses in the vendor's software, networks or supply chain to gain unauthorized access to the small business's data or systems.
Additionally, smaller organizations often have fewer resources and weaker cybersecurity measures than their larger counterparts, making them low-hanging fruit for bad actors. Against this backdrop, Cowbell recently commissioned an independent research firm to survey SME leaders across North America to gauge their level of preparedness for a cyberattack.
The survey explored measures SMEs are taking to avoid cyberattacks, and their recovery plans should they fall victim to an attack. The Cowbell Cyber Round-Up: Q2 2023 survey revealed that only around half (55%) of SME leaders feel highly confident they are prepared for a cyberattack. Fifty percent of SMEs have already experienced a significant cyber incident in the past 12 months.
How can SMEs better prepare for the increasing threat of cyberattacks? They must shore up their cyber defenses to avoid incidents that could cause irreversible financial and reputational damage. Here is a sampling of key survey findings and actionable tips to help SMEs enhance security and mitigate potential risks effectively.
Cyberattack Preparedness and Aftermath
Survey respondents revealed a staggering lack of understanding about the cost of a cyberattack.
- 90 percent of SME leaders who experienced a serious incident said the cyberattack cost them more than anticipated.
- 81 percent of cyberattack victims suffered a drop in revenue due to the incident.
Cyberattack methods like malware, phishing and ransomware are becoming more common, making a comprehensive cybersecurity strategy mission-critical. SMEs with a cybersecurity strategy were nearly two times more likely to recover quickly from a cyberattack than those without a cybersecurity strategy.
See also: How to Fight Rise in Cyber Criminals
Protect Your Business With Cyber Insurance
Thirty-three million U.S. organizations are defined as “small businesses” based on data from the U.S. Chamber of Commerce. The segment is critically important to the health of the U.S. economy, and equipping them with the right resources and tools to prevent and fight threats is key. Survey respondents cited having a cyber insurance policy as critical to a sound cybersecurity strategy.
- 72 percent of SMEs without cyber insurance said a major cyberattack could destroy their business.
- 91 percent of respondents with cyber insurance policies said their insurance provider helped them avoid potential incidents.
- Comprehensive, flexible cyber insurance coverage protects SMEs when it comes to business interruption, data recovery and legal liabilities stemming from a cyberattack. Cyber insurance isn’t a nice-to-have – it’s a must-have to fight against today’s threats and bad actors.
Lower Your Risk of Cyberattacks
Cyber incidents against SMEs threaten socio-economic stability, as SMEs create jobs and account for a large percentage of U.S. economic activity. SMEs don’t have to be vulnerable targets for cyberattacks. Basic cybersecurity hygiene is extremely effective against the threats affecting SMEs.
By defining a cyber risk management strategy, purchasing cyber insurance and adopting cybersecurity best practices, SMEs can shore up their cyber defenses to prevent and mitigate threats. Cyber insurance, in particular, can help SMEs lessen the severity of and even prevent cyber incidents. Cyber insurance providers help narrow the protection gap with clearly defined risk and augmented underwriting.