One company became a victim when a cybercriminal infected it with a ransomware virus, taking its servers hostage and holding them for ransom.
Another business was attacked by an organized gang of cybercriminals that planned a complex social engineering scheme to steal customer credit card information by impersonating a third-party vendor and installing malware.
Such attacks are becoming more common and can potentially cripple a company’s work and reputation — forcing them to pay hundreds to thousands of dollars (if they are not insured, as is the case with most small businesses). While the aforementioned businesses experienced different forms of cyberattacks, they survived in part because they had cyber insurance coverage that provided them with the necessary resources that enabled them to shorten their recovery time and incur fewer expenses than if they had to go it alone.
According to Nationwide’s third annual survey of small business owners (1-299 employees), released on Oct. 9, more than 20% of cyberattack victims spent at least $50,000 and it took them longer than six months to recover. But 7% spent more than $100,000, and 5% took a year or longer to rebuild their reputation and customer trust.
“Cyberattacks are one of the greatest threats to the modern company,” said Mark Berven, president of Property & Casualty for Nationwide. “Business owners are telling us that cybercriminals aren’t just attacking large corporations on Wall Street. They’re also targeting smaller companies on Main Street that often have fewer defense mechanisms in place, less available capital to re-invest in new systems and less name recognition to rebuild a damaged reputation.”
Hackers love to attack small businesses because they typically don’t have the resources to put in high-end cybersecurity protection, and often are not consciously aware they are a target. According to Small Business Trends, 3 in 4 small businesses do not have cyber insurance coverage.
The U.S. National Cyber Security Alliance found that 60% of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stood at $690,000 in 2016.
Nationwide’s survey found that 13% of business owners said they experienced a cyberattack. However, that number jumped to 58% when owners were shown a list of the following types of attacks — revealing a 45% gap and lack of understanding about what constitutes an actual attack (see graphic below).
Part of the problem facing a business’ ability to recover from an attack is that a majority of owners are not prepared. In fact, 57% of owners do not have a dedicated employee or vendor monitoring for cyberattacks — and therefore, could be victims without even knowing it.
Further, most don’t have a cyberattack response plan in place (76%), a plan in place to protect employee data (57%) or a plan to protect customer data (54%). Threats continue to grow as more companies are now frequently using new technologies such as the Internet of Things (37%) and Artificial Intelligence (24%) in a potentially unprotected environment.
While the vast majority of business owners say it’s important to establish cybersecurity best practices recommended by the U.S. Small Business Administration, fewer report actually following those best practices:
- Protect against viruses, spyware and other malicious code: 85% say, 65% actually do
- Secure their networks: 85% say, 58% actually do
- Make backup copies of important business data and information: 85% say, 59% actually do
- Establish security practices and policies to protect sensitive information: 83% say, 50% actually do
- Control physical access to computers and network components: 81% say, 60% actually do
- Require employees to use strong passwords and to change them often: 80% say, 52% actually do
- Educate employees about cyber threats and hold them accountable: 76% say, 42% actually do
- Protect all pages on public-facing websites, not just the checkout and sign-up pages: 74% say, 42% actually do
- Employ best practices on payment cards: 73% say, 47% actually do
- Create a mobile device action plan: 64% say, 26% actually do
You can also access more tips and resources during National Cyber Security Awareness Month.
Survey Methodology: Nationwide commissioned a 20-minute, online survey among a sample of 1,069 U.S. small business owners. Small business owners are defined as having between 1-299 employees, 18 years or older, and self-reported being a sole or partial owner of their business. The margin of error for this sample is +/-3% at the 95% confidence level. Conducted by Edelman Intelligence, a full-service consumer research firm, the survey was fielded between May 16-24, 2017.
About Nationwide: Nationwide, a Fortune 100 company based in Columbus, Ohio, is one of the largest and strongest diversified insurance and financial services organizations in the U.S. and is rated A+ by both A.M. Best and Standard & Poor’s. The company provides a full range of insurance and financial services, including auto, commercial, homeowners, farm and life insurance; public and private sector retirement plans, annuities and mutual funds; banking and mortgages; excess & surplus, specialty and surety; pet, motorcycle and boat insurance. For more information, visit www.nationwide.com.