Do Small Businesses Need Cyber Security?

"Hackers don’t target small business."

"I have insurance."

"I use anti-virus software."

"My IT guy handles that."

Small business owners set themselves up for unnecessary risks when they buy into these myths. The facts are that hackers do target small businesses, having the right insurance MAY help, and that software and IT staff can’t do enough to protect your business and your customers. And that all adds up to the conclusion that yes, small businesses do need cyber security.

Cyber Attacks and Small Business By The Numbers

Many small business owners believe the myth that small businesses aren’t the target of sophisticated cyber attacks. Here are some stats that might get you thinking otherwise. (source, source, source).

• Over 60% of small businesses reported at least one attempted attack.
• 60% of small businesses that experience a data breach close their doors within 6 months.
• According to IBM, it takes an average of 228 days to discover an active cyber attack. Only 47% of small businesses discovered the breach within days.
• 43% of all successful attacks involve small to medium-sized businesses.
• According to CISCO, nearly half of small business victims experienced at least eight hours of downtime.
• 80% of hacker activity is directed towards web applications.
• Nearly all small businesses consider themselves NOT financially prepared for an attack.
• 43% of small businesses still do not have a Cybersecurity plan in place.

What Are The Top 4 Cybersecurity Threats Facing Small Businesses?

There are several aspects to cybersecurity threats. First, there are a few common methods of attack, including social engineering, phishing, malware, etc. Then, there are threats that target a lack of preparedness. In our experience, we see the following as the overall four greatest threats facing small businesses when it comes to cybersecurity:

1. Lack of Training: Humans are the cause of 100% of successful cyber attacks. That may sound harsh, but the truth is all points of vulnerability can be traced back to a human mistake, whether it’s defending against a phishing attack, reporting a discovered breach, or properly securing and configuring hardware. And training is the key to stopping this threat.
2. Social Engineering: Hackers are getting smart when it comes to getting humans to give up sensitive information, including usernames and passwords, financial information, and personal information that can be used to launch an assault once that information is known.
3. Web Applications: A web application is built upon a software stack that requires regular updates and upgrades. From the hardware server all the way to user permissions and access, there are many threats to business software, and hackers will try them all.
4. Malware: The type of malware that is getting the most press is Ransomware, but there are many kinds of malware. Hackers are getting better and better at tricking employees into installing this malware on the company’s network, including clicking an email link or sticking in an infected thumb drive into the USB slot (imagine finding one with an enticing label like, “2022 PowerBall Numbers [TOP SECRET]”).

What About Cyber Insurance?

We hear two things when it comes to insurance. First, many business owners mistakenly believe their general liability insurance covers damages from cyber attacks. It does not. Second, many believe that their cyber insurance may cover the damage. It MAY not. Insurance companies lost billions of dollars last year due to cyber attacks. Now, they are being very diligent with claims. They use two tactics to avoid paying: limiting payouts and declaring “Failure to comply”, meaning they claimed the business was negligent in not putting proper cybersecurity plans in place or not following through on existing plans.

Did you know you may be required to disclose an attack to your insurance? It depends on your state and level of compliance, but something as simple as not reporting an incident could mean no claim.

Finally, let’s say your business is properly insured, and then you get hacked. Think of the damage done due to loss of intellectual property, to your reputation, and the PR nightmare that may ensue. Insurance won’t cover that.

How Can You Protect Your Business From Cyber Attacks?

If you’re like most small business owners, you don’t have people dedicated to cyber security. You likely don’t have other resources assigned to protect your business. Don’t worry, that’s both common and easy to fix.

Start here, with our Basic Security Principles. It’s a white paper with three steps you can take to secure your business. That’s a great first step. From there, we can help you put together a cybersecurity plan to monitor, detect, and respond to any attacks.

Download the white paper.

Basic Security Principles