Despite improving preparedness, US small businesses are still highly vulnerable to cyber incidents. A recent report by Hiscox USA indicates that while the small business segment paid less to respond to a cyber incident this past year, that saving was offset by an increase in attacks and breaches.
In its annual cyber readiness report, Hiscox revealed the median cost of cyber-attacks decreased for small businesses in the US from $10,000 in 2022 to $8,300 in 2023. At the same time, the median number of attacks has risen from 3 in 2022 to 4 in 2023.[1]
Additionally, 41% of small businesses fell victim to a cyber-attack in 2023, up from 38% in the 2022 report and close to double the 22% reported in 2021. US small businesses paid over $16,000 in cyber ransoms over the past 12 months. Hiscox says the rise is highly concerning. “Forty-one percent (41%) isn't that far off from a coin flip of it is happening to you,” said Hiscox.
So, how are small businesses faring against cyber-attacks? Hiscox polled over 500 US small business professionals and gauged their preparedness to combat cyber incidents. This was part of a global survey involving over 5,000 professionals responsible for their company’s cyber security strategy.
Some of the cyber readiness report’s key findings are:
- Small businesses take cyber risk seriously and are protecting themselves. A third (33%) of US small businesses consider cyber risk high or very high, ahead of economic issues and competition. Bearing the risk in mind, more than half (53%) of SMEs have either a standalone cyber insurance policy or have cyber coverage through another policy.
- Ransomware is costing small businesses in a big way. US small businesses paid over $16,000 in cyber ransoms over the past 12 months. For enterprises that paid ransoms, only half (50%) recovered all their data, and 27% of the time, hackers made additional demands for money.
- Phishing is still the primary point of vulnerability. In ransomware attacks, the most common points of entry were phishing (53%), unpatched servers/VPN (38%), and credential theft (29%).
“The cost has decreased a little bit year over year, which is good from the eyes of people affected by cyber breaches,” said Hiscox. “With that said, the number of attacks has grown, so you're getting a little bit of offset from how much these acts cost.”
See: https://redskyalliance.org/xindustry/small-buisness-owners-beware
Small business owners are getting smart, but so are cyber threat actors

New artificial intelligence (AI) developments have also undermined some tried and trusted ways of spotting phishing emails.
“We used to be able to identify phishing emails pretty easily because the grammar used to be not perfect, punctuation would be off – the emails would just seem off,” Hiscox said. “Now, with the implements of artificial intelligence and ChatGPT, there are ways of making emails sound more realistic.” But he added that AI tools, and constant vigilance, can also help small business owners protect themselves. “There are ways to protect yourself from it, such as an inbox scanner that can spot any bad links or a corrupted email address. But you always have to be looking and aware,” he added.
The growing complexity of cyber-attacks also underscores the importance of additional investments in cyber security, training, and insurance. But while IT security spending has increased, there are still areas of vulnerability.
Hiscox’s report showed that despite a 10% increase in median IT budgets and a 24% increase in cybersecurity spending over the last 12 months, 59% of small businesses don’t use security awareness training. Further, 43% of the surveyed companies don’t have network-based firewalls. “From a claims perspective, better-trained employees are your number-one defense against many types of losses. Training needs to be better in this space,” he cautioned.
For all business sizes, the US ranks second (behind France, 2.98) for cyber maturity, scoring 2.94. Regarding cyber expertise, 63% of small businesses in the US are intermediates, and only 4% are cyber experts, according to Hiscox’s survey.
[1] https://www.insurancebusinessmag.com/us/news/cyber/despite-awareness-small-businesses-still-highly-vulnerable-to-cyber-attacks-474678.aspx