Even though cyberattacks seem to be showing no sign of slowing down, the majority of small business owners seem unfazed about the threat they pose, and the possibility that they might one day be the victim of a cybersecurity breach themselves.
In a follow-up to a 2017 poll of Manta members, Insureon surveyed 2,400 business owners on the topic of small business cybersecurity. While most of the results aligned with the 2017 survey, one notable difference is even fewer respondents than last year think they are at risk for a cyberbreach. Only 16 percent of respondents expressed concern that they may be at risk compared with 18 percent last year.
When asked if they feel at risk for a data breach, 84 percent of respondents said no. Perhaps that is because 86 percent of small business owners said they have never experienced a data breach. More than half of the respondents think hackers tend to target larger businesses over smaller ones.
Other survey highlights include:
• 73% of small business owners don't think they have customer data that would be susceptible to a cyberattack.
• 73% have cybersecurity protocols in place to protect against breaches.
• 76% think their business could survive a cyberbreach.
• 64% manage their own IT needs.
In addition, 33 percent of respondents said they have cyber liability insurance, an increase of 7 percent from our 2017 survey.
Cyberattacks against small businesses are common
Eighty-four percent of respondents said they aren't particularly worried about a cyberattack, but maybe they should be. Of the thousands of cybersecurity incidents that happen daily in the United States, 61 percent occur at smaller businesses.
For businesses that experience a breach, the fallout isn't cheap. The average cost of a small business data breach is $86,500, according to Internet security firm Kaspersky Labs. While that amount isn't likely to have much of an impact on a major corporation, it could be devastating for a small business owner.
To learn more about the high cost of data breaches, read "Why cyber liability insurance claims cost so much."
Cybersecurity tips you can implement today
The good news is that 73 percent of respondents are taking active steps to protect their business against cyberthreats. The security protocols they reported using include:
• Software to prevent malware and viruses
• Spam filters
• Automated software updates and data backups
• Regular vulnerability scans
While that's a good start, there is much more small business owners can do to protect their company from cyberattacks, including:
Regularly updating software
Installing software updates as they become available is one of the best ways business owners can protect their computer network from potential viruses and other malware.
Ensuring point-of-sale systems are secure
Businesses that use a point-of-sale system should consider installing end-to-end encryption software. This immediately encrypts credit card information as it's received, and then again as it's being sent to the software's server.
Teaching employees how to spot malware and phishers
One in 131 emails contains malware, the highest rate in five years, according to Symantec's "2017 Internet Security Threat Report." Small business owners can reduce their chances of being a victim by training employees on how to spot phishing attempts.
Hiring an IT expert
Sixty-four percent of the small business owners we surveyed said they handle cybersecurity needs themselves, up from 58 percent in 2017. While handling IT secruity without outside help can save money, business owners may not know best practices for cybersecurity. Business owners that can't afford a full-time IT employee should consider hiring an IT consultant.
It's not possible to protect a business against every cyberthreat, but implementing a security strategy can help prevent many potential issues.
Cyber liability insurance can protect small businesses
If a small business does experience a data breach, cyber liability insurance can cover expenses such as:
• Customer notification
• Fraud and credit monitoring services
• Cyber extortion reimbursement
• Legal expenses, including lawyer fees and any damages
There are two main types of cyber liability insurance: first party and third party. Most small business owners will want to consider purchasing first-party cyber liability coverage, which is typically available either as a standalone policy or as an add-on to a business owner's policy. First-party coverage can help pay expenses when a business's network is hacked and data is stolen.
Third-party coverage can pay for legal costs if a customer or partner sues a business, alleging that a data breach occurred because of something the business did – or failed to do. Third-party coverage is typically purchased by businesses that protect or work with another business's data, such as an IT consultant or a data analyst. Business owners might choose either or both types of coverage, depending on their needs.
Cyber liability insurance can't prevent a cyberattack, but it can help ensure that if a business experiences a data breach, it has the necessary financial resources to recover.
Learn more about cyber liability insurance for small businesses.