Costs of Small Business Cyberattacks Are Down But Frequency Is Up, Says Hiscox

December 7, 2023

The less-than-encouraging news: Only a third (33%) of U.S. small businesses consider cyber risk high or very high.

The somewhat encouraging news: 53% of U.S. small businesses have either a standalone cyber insurance policy or have cyber coverage through another policy.

The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 5,000 cyber security professionals across the globe, including more than 500 small business professionals in the U.S.

Among the U.S. businesses surveyed, the reported median cost of cyberattacks has decreased from $10,000 in 2022 to $8,300 in 2023. However, the median number of attacks has risen from three in 2022 to four in 2023.

While over half (53%) reported that they are insured against cyberattacks, preventative measures in systems and training lag.

Despite a 10% increase in median IT budgets and a 24% increase in cybersecurity spending over the last 12 months, 59% of small businesses don’t use security awareness training.

Two out of five (43%) businesses surveyed don’t have network-based firewalls, and 41% surveyed do not use data backup recovery and restoration systems. When it comes to cyber expertise, 63% of small businesses in the U.S. are intermediates, and only 4% are cyber experts.

“In the never-ending arms race of cyber criminals versus cyber security, new technology developments and employee training can tip the scales either way,” said Chris Hojnowski, Vice President and Product Head of Technology and Cyber for Hiscox in the US.

“Phishing is still the most common point of entry for ransomware attacks, and new developments like AI can undermine our tried and trusted ways of spotting a phishy email,” he said. “Proactivity is the best form of defense when it comes to cyber, and a team is only as strong as the weakest link – or least-trained employee – in the chain.”

Both training and up-to-date system protection are critical to stopping attacks.

In ransomware attacks, the most common points of entry were phishing (53%), unpatched servers/VPN (38%) and credential theft (29%).

Is paying the ransom worth it? The numbers say probably not. Among businesses that paid ransoms, only half (50%) recovered all their data, and 27% of the time, hackers made additional demands for money. On top of that, 50% of businesses that paid a ransom were forced to rebuild systems.
