COLUMBUS, OH – Small businesses are more likely to be the target of a cyberattack than larger companies, but a recent Nationwide Agency Forward survey shows they are not prepared to recover if an attack occurs. Most small business owners also heavily underestimate how damaging a cyberattack could be for their company.
Cyber risk insurance – which helps protect and offset against the impacts of an attack – is also not on their radar. Less than three in 10 small business owners report having cyber coverage, compared to 71% of middle market businesses.
“While we often hear about data breaches at large corporations, many cyber criminals have set their targets on small businesses that are more vulnerable and often lack the protections and resources larger organizations can afford,” said Peter McMurtrie, president of Commercial Lines at Nationwide. “It’s critical in today’s digital age for businesses of all sizes to have protections in place to safeguard sensitive information and prevent a breach from jeopardizing their future.”
Small businesses aren’t prepared
Less than half of small business owners (48%) feel ready to prevent a cyberattack on their business, compared to 83% of middle market business owners – and a gap in cybersecurity training measures could be a factor.
Small business owners are significantly less likely to be taking important precautions with their employees:
Just 56% of small business owners report offering cybersecurity training at least once a year, compared to 94% of their middle market counterparts
Less than a quarter of small business owners (24%) send regular phishing test emails to employees, compared to about two-thirds (65) of middle market business owners
Customers are watching
The impact on their business’s reputation could be another blind spot for small business owners. Eight in 10 are confident their business would retain its customers and reputation after an attack.
Cyberattacks are top-of-mind for consumers today and 76% say they’d stop doing business with the company responsible for a breach that impacted them. One in 10 small business owners say they’ve experienced a cyberattack in the past. Of those, more than half say the attack impacted or jeopardized their business’s finances and customer trust.
Lack of knowledge could be to blame
Only 28% of small business owners report having cyber insurance compared to 71% of middle market business owners. Why? Most likely because they don’t know about it. Small business owners cite not knowing enough about cyber risk insurance (40%) and being unaware it was even available to them (32%) as their top reasons for not carrying the coverage.
Forty percent of small business owners surveyed expect a cyberattack to cost less than $1,000 and another 60% think it would take less than three months to fully recover.
On average, Nationwide claims data shows cyber claims range between $15,000 to $25,000 in recovery costs, not to mention the length of time it could take to restore their brand’s reputation as they manage potential legal fallout during unassisted, lengthy restoration processes. The average recovery time for a business after an attack is 279 days.
“Small business owner concern around cyberattacks has risen 15% since the beginning of the pandemic, but most owners still don’t realize the extent of damage a cyberattack could have on their company and livelihood,” added McMurtrie. “Agents have strong opportunities to bust some of these common misconceptions around effects post-cyberattack and emphasize that there is greater risk than just loss of funds – business reputation is at stake.”
Owners are open to learning more
Although small businesses were found less likely to have cyber coverage, they overwhelmingly responded that they’re interested in learning more about what a cyber insurance policy has to offer. When made aware of cyber protection resources and products, about 75% of small business owners say they’re interested in purchasing common coverages.
Small business owners are specifically interested in cyber protection resources or products:
Computer fraud protection – 75%
Identity recovery protection – 75%
Computer attack protection – 73%
Data compromise protection – 67%
Network security liability protection – 63%
Misdirected payment fraud protection – 62%
Cyber extortion protection – 59%
Electronic media liability protection – 54%
The survey also found about 70% of commercial lines agents say their clients are concerned about a cyberattack but less than half regularly discuss cybersecurity with their customers.
“When educated about the different coverage options and resources available to them, both small and middle market business owners show high interest in cyber protection and are likely to purchase due to their increased reliance on technology,” said McMurtrie. “Now is the time for agents to be prioritizing cyber conversations with their commercial clients to protect them from ever-changing cyber threats and provide them peace-of-mind to focus on their operations.”