top of page
Modern Workspace

Strengthening Cyber Resilience for Small Businesses

No business is too small to fall victim to cybercriminals

Sam Shay, the creative director of Socotra, emphasized that small- and mid-sized businesses have become easier targets for professional cybercriminals. These cybercriminals prefer targeting smaller entities due to the perception that such businesses may not be as well-prepared or well-protected as large corporations. Shay suggests that insurance companies could do more to bridge the perception gap by providing education on the growing threats that smaller businesses face.

 

Many business owners, however, tend to associate cyberattacks with the large-scale data breaches that make headlines, such as UnitedHealth’s Change Healthcare breach. These high-profile attacks usually involve massive ransom demands reaching millions of dollars, but smaller businesses face substantial risks as well. For instance, the median cost of a cyberattack was just $18,000 in 2022, according to the Hiscox Cyber Readiness Report, which warns that smaller businesses are now prime targets for cybercriminals.

Free Wifi

Shay noted a stigma surrounding cyber insurance, which often stems from the belief that cyberattacks primarily affect large corporations. This misconception, however, leaves smaller businesses vulnerable. He emphasizes that no business is too small to be concerned about cyberthreats.

 

While cyber insurance has become even more critical, the Global Cybersecurity Outlook 2024 Report by the World Economic Forum shows a concerning trend. Despite heightened awareness of cyberthreats, the number of businesses with cyber insurance has decreased by 24% since 2022. Over 60% of respondents from the cyber and business sectors reported not carrying cyber insurance, even though 33% expressed fears of losing access to essential services due to a cyberattack, and 27% were worried about cyber extortion.

Computer Office Work

Cyber insurance provides businesses of all sizes with not only financial protection but also educational resources and tools to bolster cyber resilience. Companies with coverage tend to adopt stronger cybersecurity practices, training their employees to recognize and prevent potential attacks. Shay highlights that “the best insurance claim is one you don’t have to file,” underscoring the value of prevention.

 

For small business owners, having cyber insurance offers peace of mind, knowing they have the necessary support to recover from an attack. However, it’s essential to remain vigilant, have a comprehensive response plan, and be prepared to switch to alternate protocols immediately in case of an attack. Shay even pointed out that small businesses like pizza parlors are not immune to cyber risks.

Modern cyberattacks are not like the stereotypical hacker movies of the '90s, Shay explained. Today’s most significant threats stem from social engineering tactics, where criminals manipulate individuals into granting them access to the system. These methods include phishing, business email compromise, and baiting. Nevertheless, businesses can defend against these tactics by strengthening access controls, closing vulnerable points of entry, and educating employees through ongoing cybersecurity training.

 

Shay also touched on the growing risks for property owners. With the increasing number of connected devices and Wi-Fi-enabled appliances, anything connected to a company’s network can pose a threat. He advises businesses to create as many protective layers as possible between their data and end users.

In addition to training, Shay recommends practicing cybersecurity drills, especially within the IT departments, to ensure businesses are prepared to act swiftly in the event of an attack. These preparedness drills, often referred to as tabletop exercises, simulate real-world scenarios and help companies improve their breach detection and response strategies. Businesses should review and update their cyberattack protocols annually, consulting legal counsel and ensuring compliance with their cyber insurance policies.

 

In today’s landscape, enhancing cyber resiliency through education, training, and a solid insurance policy is key for businesses to thrive in an increasingly dangerous digital world.

Meeting
Modern Workspace
Who Pays?
Modern Workspace
bottom of page