Only 16% of small business owners think they are at risk for a cyberattack

Even though cyberattacks seem to be showing no sign of slowing down, the majority of small business owners seem unfazed about the threat they pose, and the possibility that they might one day be the victim of a cybersecurity breach themselves.

In a follow-up to a 2017 poll of Manta members, Insureon surveyed 2,400 business owners on the topic of small business cybersecurity. While most of the results aligned with the 2017 survey, one notable difference is even fewer respondents than last year think they are at risk for a cyber breach. Only 16% of respondents expressed concern that they may be at risk compared with 18% last year.

When asked if they felt at risk for a data breach, 84% of respondents said no. Perhaps that is because 86% of small business owners said they have never experienced a data breach. More than half of the respondents think hackers tend to target larger businesses over smaller ones.

Other survey highlights include:

• 73% of small business owners don't think they have customer data that would be susceptible to a cyberattack.
• 73% have cybersecurity protocols in place to protect against breaches.
• 76% think their business could survive a cyberbreach.
• 64% manage their own IT needs.

In addition, 33% of respondents said they have cyber insurance, an increase of 7% from our 2017 survey.

Cyberattacks against small businesses are common

Eighty-four percent of respondents said they aren't particularly worried about a cyberattack, but maybe they should be. Of the thousands of cybersecurity incidents that happen daily in the United States, 61% occur at smaller businesses.

For businesses that experience a breach, the fallout isn't cheap. The average cost of a small business data breach is $86,500, according to internet security firm Kaspersky Labs. While that amount isn't likely to have much of an impact on a major corporation, it could be devastating for a small business owner. 

Cybersecurity tips you can implement today

The good news is that 73% of respondents are taking active steps to protect their business against cyber threats. The security protocols they reported using include:

• Software to prevent malware and viruses
• Firewalls
• Spam filters
• Automated software updates and data backups
• Regular vulnerability scans

While that's a good start, there is much more small business owners can do to protect their company from cyberattacks, including:

Regularly updating software
Installing software updates as they become available is one of the best ways business owners can protect their computer network from potential viruses and other malware.

Ensuring point-of-sale systems are secure
Businesses that use a point-of-sale system should consider installing end-to-end encryption software. This immediately encrypts credit card information as it's received, and then again as it's being sent to the software's server.

Teaching employees how to spot malware and phishers 
One in 131 emails contains malware, the highest rate in five years, according to Symantec's "2017 Internet Security Threat Report." Small business owners can reduce their chances of being a victim by training employees on how to spot phishing attempts.

Hiring an IT expert
Sixty-four percent of the small business owners we surveyed said they handle cybersecurity needs themselves, up from 58% in 2017. While handling IT security without outside help can save money, business owners may not know best practices for cybersecurity. Business owners that can't afford a full-time IT employee should consider hiring an IT consultant.

It's not possible to protect a business against every cyber threat, but implementing a security strategy can help prevent many potential issues.

Cyber liability insurance can protect small businesses

If a small business does experience a data breach, cyber insurance can cover expenses such as:

• Customer notification
• Fraud and credit monitoring services
• Cyber extortion reimbursement
• Legal expenses, including lawyer's fees and any damages

There are two main types of cyber liability insurance: first party and third party. Most small business owners will want to consider purchasing first-party cyber liability coverage, which is typically available either as a standalone policy or as an add-on to a business owner's policy. First-party coverage can help pay expenses when a business's network is hacked and data is stolen.

Third-party coverage can pay for legal costs if a customer or partner sues a business, alleging that a data breach occurred because of something the business did – or failed to do. Third-party coverage is typically purchased by businesses that protect or work with another business's data, such as an IT consultant or a data analyst. Business owners might choose either or both types of coverage, depending on their needs.

Cyber liability insurance can't prevent a cyberattack, but it can help ensure that if a business experiences a data breach, it has the necessary financial resources to recover.