Too small to fail? SMEs underestimate their cyber exposure
A survey of SMEs released by Chubb today reveals a significant “perception gap” in cyber awareness that is putting businesses at risk. The survey of 1000 SMEs across the region, including 400 in Australia shows 60% believe they are less vulnerable to cyber incidents than their larger competitors. But Cyber Underwriting Manager for Chubb Asia Pacific, Andrew Taylor, told insuranceNEWS.com.au the opposite is true. He says smaller businesses do not have the same protections as larger corporates, with the misconception stemming from media reports of large-scale cyber attacks. “The press does show a lot of larger companies being breached, but the statistics show smaller businesses are being attacked more often,” he said. “SMEs are the low-hanging fruit as they don’t have the resources to defend an attack, but they do hold data relating to larger organisations. “They often don’t realise the value of the data they have.” Some 87% of respondents believe they can overcome an incident, with more than half (56%) believing they can contain an incident within 12 hours. These findings are contradicted by SMEs which have suffered cyber attacks. Some 60% of respondents experienced a cyber incident in the past year and 67% of the total respondents admitted they are not aware of all the cyber threats they face. Significantly, 30% of SMEs who experienced cyber incidents did not know which of their data files had been affected. “Some SMEs believe they are too small to be targeted by cyber criminals or any internal issues will not greatly impact them. In effect, they think they are too small to fail,” Mr Taylor said. “However, our own claims data highlights numerous small business compromises and ransomware events that are decimating the cashflow of small businesses.” The survey also uncovered a lack of understanding from SMEs regarding cyber insurance, with 59% of SMEs in Australia not fully understanding the insurance solutions available to them, while 62% have never purchased cyber insurance before.