While cyber breaches are in the news all the time, many businesses still have not prepared for one – even if they have experienced an attack of one form or another. Nationwide Insurance did a survey of 500 small businesses and here are some of the results:
- 8 out of 10 small businesses do not have a cyber attack response plan even though they have experienced some form of cyber attack.
- 46% feel their current software is secure enough.
- 40% don’t think they would be affected.
- 73% say they are concerned.
- 63% say they have been the victim of some form of attack such as viruses, phishing, hacking and data breaches.
So, if 73% say they are concerned but 80% say they don’t have a plan, doesn’t that sound odd?
If you had a business in South Florida on the beach, wouldn’t you have a hurricane plan?
If you had a business in tornado alley, wouldn’t you have a tornado plan?
I think the difference is that people have an idea of what to do in case of a tornado or hurricane and really are at somewhat of a loss on what to do in case of a cyber attack.
And the comment about who is interested in me? That is, I am sure, what Fazio Mechanical thought before the FBI swarmed their offices. Fazio was ground zero for the Target hack. So even if you are not interesting yourself, someone that you connect with might be interesting.
Also, to prepare for a hurricane, you can go to Google and get some sound advice. Not so much so for cyber protection.
In my opinion, the insurance carriers need to step up to the plate and help small businesses a lot more than they do today. Creating a tri-fold brochure and calling it good just won’t cut it.
Kroll, a firm that does a lot of work in breach investigation and remediation, says that 31% of the breaches were due to mistakes and not state-sponsored terrorism. Even employees at small businesses make mistakes.
For those businesses that do not have a plan, when they have a breach, they are likely going to be scrambling. At that point they will likely make mistakes and spend a lot more money. The large consulting firms that deal with breaches typically charge 50% to 100% more per hour when dealing with emergencies rather than planned activities. You might say they are taking advantage of the situation. They might say they are covering your tush due to your lack of planning. Half full or half empty?