Small businesses misunderstand their cybersecurity vulnerabilities

Small businesses misunderstand their cybersecurity vulnerabilities

Many small business owners mistakenly believe that they are unlikely to be the targets of a cyberattack. However, a new study from business insurance company Embroker, the 2023 Cyber Risk Index, finds that 78% of their respondents said they had experienced a cyberattack, up from 67% in 2022. 

Interestingly, 48% also said they believed they were unlikely to face a potential data breach or ransomware attack. How the start-ups were funded also affected their views on their cyber risks. Forty percent of the companies that were in the earlier stages of development (Seed and Pre-Seed funding) thought an attack was somewhat or extremely likely, while 56% of companies with Series A & B funding thought an attack was likely. Companies further along their funding path (Series C+) were more likely to recognize their cyber vulnerabilities, as 72% believed an attack was likely. 

A study by Accenture found that nearly 45% of cyberattacks perpetrated targeted small and medium-sized businesses. With the average cost of a cyberattack on these entities ranging from $826 to $653,587 depending on the type of attack, as well as the severity, cyber insurance is a necessary risk management strategy for any start up.

According to the Embroker study, founders are also beginning to understand the long-tail benefits of having cyber coverage, with 47% saying it had provided them with the additional services necessary to respond in the wake of an attack, 43% indicated that it had actually made it easier for them to secure funding, and 39% found that it helped them comply with federal requirements. 

See also  Le Programme des associés en cautionnement canadien (P.A.C.C)

The report also showed that businesses are becoming better educated about the benefits of purchasing cyber insurance, although 36% said they don’t have it due to the cost, which was a 8% drop from 2022, while 16% still don’t believe it is necessary as compared to 32% in 2022.

Eighty-five percent of the respondents indicated that they were considering new cyber protections in 2024. 

Disruptive technologies like artificial intelligence (AI) are also a concern for startups, with 21% of respondents saying they believed it would impact their business in the near future. Their biggest concerns were malicious AI (37%) and attacks on their partners or key suppliers (37%). 

While the companies recognized that these technologies have positive aspects, 90% were also concerned about how their use by bad actors could affect their cybersecurity, and 76% were confident that if they were subjected to a malicious AI attack, they had the processes in place to recover from it.

This figure conflicts with information from the Accenture Cybercrime study, which found that 75% of SMBs would be unable to operate if they suffered a ransomware attack, which could have devastating effects, including closure.

It’s often the simplest things that lead to the most disastrous outcomes. In its study, Accenture found that 80% of hacking incidents involved compromised passwords or access to employees’ credentials. Data encryption is an essential aspect of protecting sensitive information, but only 17% of small businesses utilize it. 

As businesses of all sizes become more reliant on technology, cybersecurity risks will only increase. Understanding these risks and how to mitigate them is vital for all companies because cyberattacks don’t discriminate.