Research shows that cyber-attacks on small businesses are on the rise. However, SMB owners are exposing themselves to significant financial risk by not implementing adequate steps to recover from a cyber-attack.
InsuranceBee recently conducted a survey of over 1,300 SMBs, revealing that 54% do not have a plan in place to deal with a cyber-attack. A further 20% stated they would only act if and when an incident occurred.
A Poor Recovery
More worrying is a lack of awareness among SMB owners regarding the cost of recovering from a cyber-attack. According to a study by, the average cost for small and medium-sized businesses to recover from a cyber-attack is estimated to be $120,000. Yet 83% of SMBs do not have any money reserved to get back to business as usual in the event of an attack. A quarter of SMBs are not aware that it would cost money to fully recover.
For the few who have put money aside (17%), the focus is very much on IT-related costs. This includes purchasing new hardware and software, and recovering lost earnings. When it comes to other aspects of recovery, such as reputation management, customer service, and legal fees (should a customer sue), very little consideration is given to how much money would be required to cover these costs. Nearly a quarter (23%) of SMB owners simply estimate the cost if an attack occurred.
Lack of understanding is making SMB owners vulnerable to cybercrime.
This level of unpreparedness is somewhat understandable. After all, 52% of small business owners think it is unlikely their company will be a victim of a cyber-attack. 6% think attackers will never target their business. Additionally, many SMB owners are simply not aware of the risks of cybercrime. Just 25% believe that a cyber-attack is a matter of ‘when’, not ‘if’. Only a quarter are planning to ‘do more to prevent cyber-attacks’.
When asked about protection, rather than prevention, 91% of small business owners admitted they do not have cyber liability insurance. Cyber liability insurance can help speed up recovery. Additionally, it can protect a business from loss of income and reputation damage in the event of a data breach. However, as 54% did not know what a cyber liability policy covers, it seems insurance providers need to do more to help SMB owners understand exactly how this coverage can protect their business.
Unfortunately, cyber criminals will always be looking for new ways to exploit vulnerabilities. Because SMBs have less cash and resources to put into cybersecurity, they will continue to be an easy target.
A summary of findings from InsuranceBee’s Cyber Survey is available at: https://www.insurancebee.com/blog/758/smb-owners-unprepared-for-cybercrime