According to a recent survey carried out by Aon, eight out of 10 SMEs don’t see cyberattacks or data loss as a significant risk for their business and over half our still confused about the way GDPR rulings affects their business.
A Hiscox report in 2019 surveyed more than 5,400 small, medium and large businesses across seven countries, including UK, Germany, the US, Belgium, France, the Netherlands and Spain. UK businesses have been identified as having the lowest cybersecurity budgets, despite the rising financial impact.
The big data breaches reported in the media do of course help to raise awareness but they can also have the opposite effect of causing data breach fatigue, whereby the belief of a small business is that the time, cost and high-end security needed to combat cyber-attacks are complicated and overwhelming. Reporting of only the big data breaches also fuels the ‘it will never happen to us’ attitude toward cyber risks.
There seems to be a misunderstanding of risk and that it must be complicated. When in fact, it’s not all about high-end security but having the basics in place to protect you from attacks. Employee knowledge and education play a huge role.
OnePoll conducted a survey of 1000 SMEs which revealed around one in four allow staff to use their own devices for work. If devices are not properly encrypted and controlled they give a greater risk to a business for cybersecurity breaches. The ‘bring your own’ device scenario needs to be properly monitored.
SMEs are not realising just how horrendous the impact of a breach can be on their business, let alone what needs to be done if one should occur. A cyber breach brings required action from mandatory reporting to keeping affected clients and customers informed. This communication can leave your client feeling uneasy and worried about your company possibly causing irredeemable reputational damage. A cyber breach is not just about paying a fine and replacing computers and laptops.
Am I not covered by my Commercial Insurance or Professional Indemnity?
Whilst many businesses have Professional Indemnity Insurance in place, there are significant costs to PI or other Commercial Insurances won’t cover. It is worrying to hear that one in seven businesses believe the costs of a cyber-attack are covered by their PII and three in ten choose not to insure against cyber-attacks or fraud.
Isn’t it time you invested in cyber insurance?
A specialist insurance policy covers not only the costs of responding to a breach but also the costs of damages you’re likely to pay in the event of a breach or security failure, as well associated legal costs. It can seem daunting and you may be thinking that you don’t know where to start. Riskworks will work with you to provide a cover and risk management advice to protect your business. We will be happy to have a meeting with you to discuss your concerns about cyber liability and the impact severe financial, operational and reputational damage could have to your business.
Call 01625 547754 or email alexb@riskworksbusiness.com or visit www.riskworksbusiness.com/cyber