Nearly eight in 10 small business owners in the U.S. don’t have cyberattack response plan, but 63% have had at least one incident: study

Nearly eight in ten surveyed small business owners in the United States don’t have a cyberattack response plan, even though 63% of them have been victims of at least one type of cyberattack, according to a study commissioned by Nationwide, a Columbus, Ohio-based diversified insurance and financial services organization.

The survey, released on Tuesday, focused on 500 U.S. small business owners with fewer than 300 employees and who have at least a moderate role in employee benefit selection, Nationwide said in a statement. According to the survey, 79% of small business owners have no cyberattack response plan in place. When asked why not, 46% said they feel their current software is secure enough, and 40% said they do not feel their company will be affected by a cyberattack. 

At the same time, 73% are at least “somewhat concerned” with a potential cyberattack affecting their business — especially since 63% of small business owners admit they have been victims of at least one of the following:

• Computer virus (44%);

• Phishing (30%);

• Trojan horse (22%);

• Hacking (16%);

• Data breach (11%);

• Issues due to unpatched software (10%);

• Unauthorized access to customer information (9%); and

• Unauthorized access to company information (8%).

The study also found that perceived ease of recovery contributes to the deprioritization of cybersecurity – virtually all small business owners (95%) are at least somewhat confident that they’ll recover from an attack. In the aftermath of a breach, there’s overall agreement that the actual data breach is quicker to fix (61% say it would take less than three months) than either the financial (45% say less than three months) or reputation/trust (49%) damages. [click image below to enlarge]

Nationwide offers the following 10 tips to help small business owners and their insurance agents create a cybersecurity plan:

• Insurance – Acquire cyber insurance to cover losses in case of a breach or fraud;

• Perimeter – guard the physical perimeter to prevent hackers from accessing sensitive data and the company’s computer network:

• Employees – Educate employees, as they are the company’s first line of defence against cyber criminals;

• Firewall – Activate a firewall to block connections that are used to hack into the system and deliver viruses;

• Software – Install and regularly update spyware, antivirus and malware software to help prevent and detect any of those from affecting computers;

• Passwords – Use stronger passwords of 8-10 characters that include letters, numbers and special characters and change them regularly;

• Network – Secure wifi networks to prevent hackers from accessing servers or using the Internet connection without knowledge;

• Social – Set social network profiles to private and check security secure, and be mindful of information posted online;

• Data – Encrypt the most sensitive data, make a backup and store it in a fireproof safe or off-site; use a dedicated computer for all sensitive information; and

• Vendors – Carefully select online computing services, because any information shared with vendors can be compromised by their system.