65% of Small Businesses Fail to Act Following Cyber Security Attack

Are they putting their heads in the sand? A new survey shows that 65% of small businesses fail to act following a cyber security incident. And almost half, 47%, of small businesses had suffered at least one cyber attack in the past year.

Once bitten, twice (thrice or more) shy? Unfortunately, of the businesses that reported having a cyber attack, 44% of them said they “had been attacked two, three or four times.”

Those findings are from the results of the Hiscox Small Business Cyber Risk Report, which studies U.S. small businesses’ preparedness for cyber threats. The study also found:

  • Cyber a Top Concern: Two-thirds of small businesses surveyed reported cyber risk as a top concern for potential business impact on their organization in the coming year.
  • Lack of Strategy: Barely half (52%) of small businesses reported having a clearly defined strategy around cyber security.
  • Training: Less than one-third (32%) of small businesses have simulated phishing experiments to assess employee behavior and readiness in the event of an attack.
  • Budget Catch-22: Despite keeping cyber threats as a top-of-mind concern, 50% of small businesses say they’re challenged by a lack of budget.

While budgeting for cyber-related resources is critical, people, processes and technology must also be incorporated to ensure cyber readiness. When it comes to cyber attacks, Hiscox recommends small businesses consider the following steps as best practices: 

  • Prevent: Involve and educate employees at all levels within the business. Have a formal budgeting process in place and ensure cyber security is considered and prioritized in decision-making.
  • Detect: Include intrusion detection and ongoing monitoring on all critical networks. Track violations (including those that are successful and thwarted), and generate alerts using both automated monitoring and manual logging.
  • Mitigate: Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities clearly defined. Regularly review response plans to integrate emerging threats and new best practices. Insure against financial risks with a stand-alone cyber policy or endorsement.

The 2018 Hiscox Small Business Cyber Risk Report™ focuses on the responses of US small businesses surveyed as a part of the Hiscox Cyber Readiness Report 2018™, which was released February 7, 2018.