Hacker, cybersecurity

You could be going out of business…and not even know it.

It is common to hear big business in the news – names you recognize, national business that is in front of Americans every day. But, according to research published in 2018 (a Vistage report by Cisco and the National Center for the Middle Market), big business is not the main target for cyber criminals. SMbs, or small to mid-size businesses, are actually at the center of the epidemic.

In fact, after analyzing companies in the United States and the United Kingdom, whose number of employees ranged from less than 100 to 1,000 (classifying them as SMBs), 67% of those surveyed responded that they endured a cyber-attack within the past year, with 70% paying ransoms to regain information needed to continue business operations.

Overall, it was found that most SMBs do not have an effective information technology operation in place, nor do they understand how to properly protect themselves against hackers. Insufficient personnel and finances also contributed to their likelihood of cyber-attacks. Struggling with internal IT capabilities in addition to using outside IT consultants compounds the risk of an attack.

The same report produced staggering numbers financially as well when dealing with the aftermath of a cyber-attack. The average cost per incident due to compromised employee passwords was $383,365 while the average cost of disruption of operations was $1.56 million.

The cost of recovery from a cyber-attack clearly demonstrates that SMBs should begin investing in a cyber preparedness plan before they face these financial consequences. One of the easiest steps an SMB can take towards their cyber-attack potential is purchasing a cyber insurance policy. Cyber policies are both affordable and come brokered by specialists who understand the risk a business faces when it comes to cyber-attacks.

SMBs, moving forward, should enlist the help of their broker to walk them through the type of risk management program they need, as it isn’t as simple as buying a cyber policy. There are certain policy exclusions and clauses that SMBs must be aware of to understand when they are and when they are not under the protection of cybersecurity insurance. Additionally, cybersecurity insurance is not a replacement for a strong IT infrastructure – they work together hand in hand.

In these turbulent times, SMBs should be doing everything in their power to prevent a cyber-attack, instead of dealing with the aftermath.