We’re always curious about what businesses like yours care about most. And, because the simple act of listening is becoming a lost art, we like to ask a lot of questions and then do just that—listen. You know what keeps you up at night, not us. We ask, you tell, we listen. It’s a virtuous cycle. As a small business that works every day to satisfy your customers, you’ve probably become a good listener, too.
Much of our inquiry these days, unfortunately, is about cybercrime. How much business owners know about cyber attacks, what they may have already done to protect their business, and what they might do next—that’s what we’re thinking a lot about these days.
So, we did a survey…
Our survey was sent to thousands of small businesses across multiple industries. Eighty percent of our survey results came from businesses with 10 or fewer employees. The survey was administered by a professional third-party research firm last month, and the sample size we extracted was statistically significant.*
We asked questions about business owners’ knowledge of cyber attacks, current cybersecurity protections used by small businesses, and attitudes about services that can protect companies against vulnerabilities and attacks.
What our survey results told us about cyber attack preparedness was…unexpected. And not necessarily in a good way.
But first, some of the positive news: a whopping 93 percent of you are either concerned or “very” concerned about the impact of a cyber-attack, which means that most respondents are already aware that it’s not just the big companies getting attacked these days. You’re aware and staying current on the topic. Encouraging.
Paradoxically, however, fewer than half of you (45 percent) have taken preventative steps, like encrypting your data or implementing policies requiring employees to change passwords frequently. Moreover, only a surprisingly low 20 percent have employee data security procedures or a recovery plan in place to deal with an attack. What’s going on here?
Our data imply that there is a lot of dice-rolling by American small businesses. Given the general level of unpreparedness by the good guys (you), as well as the newfound interest in targeting small businesses by the bad guys, our finding that 85 percent of small businesses don’t have any cyber insurance coverage whatsoever is troubling, to say the least. And what about the 15 percent who do have cyber insurance? We found that the vast majority (80 percent) have only bought a rider to their business owners’ insurance policy, providing insufficient coverage for today’s risk and regulatory environment. This means 97 percent of American small businesses are either uninsured or underinsured against a cyber loss.
Is there a bright spot?
Indeed. Our survey found that a healthy 83 percent reported that their number one focus relative to cyber risk is to protect their company and employees from phishing email scams. And what’s really amazing and heartening is that more than half of survey respondents (55 percent) have already purchased a service to protect their employees’ email inboxes through training and protocols. And for good reason: the FBI just released statistics citing that more than $12.5 billion has been lost via phishing emails and social engineering scams (a particularly confounding crime in which someone impersonates a boss or colleague to get passwords or to request wire transfers). But small business owners can do more to protect their investments and livelihoods.
Let’s put it this way: if you’re trying to protect your home from invasions, the value of installing locks, doorbell cameras, and alarm systems is quite obvious—a no-brainer—but you also insure your property against theft in case those measures somehow fail. But when it comes to protecting your business from cyber invasions, too few are taking analogous measures, such as installing firewalls or two-factor authentication, and shockingly few of you are adequately insuring yourselves against the costly consequences of a breach. That’s dangerous.
Small business owners are the pumping heart of the American economy, to be admired for their ingenuity, hard work, and the ability to seize opportunities, make good decisions, and grow. Every coin has two sides, however, and protecting against the downside risks to the business—including the rapidly spreading plague of cyber attacks—is equally important to maintaining the cash flow, momentum and confidence that make it all work.
You can’t do everything you’re told to do to protect against cybercrime (have you ever accepted the suggested practice of using fifty-character passwords? Neither have we). But you can probably enhance what you’re doing today to ensure your business and your dreams don’t disappear into the ether along with your customer and financial information. This includes a few well-considered cybercrime security measures and insurance coverage to help you continue and recover should the worst happen.
*The online survey for this research was designed and fielded by Market Decisions Research (Portland, Maine). Data collection took place between September 5 and 17, 2018. Margin of error is +/- 4.8% [95% CI].
Mason Power, Head of Cyber, AP Intego