Small and midsize businesses (SMBs) are estimated to have spent $57 billion on cybersecurity in 2020 alone, a figure that is expected to hit $90 billion in 2025. But a staggering one in three companies in this range are using subpar cybersecurity tools or none at all. Furthermore, the same research by the consultancy firm Analysys Mason indicates that one in five companies have no endpoint security at all, while 43% don’t have a cybersecurity defense strategy in place.
A survey carried out by insurance provider Hiscox revealed that small businesses in the US had lost $25 thousand per incident on average, an alarming number as 23% of surveyed companies have suffered an attack in the last 12 months. The situation looks as dire in the UK: a poll by Vodafone revealed that a whopping 1.3 million SMBs would collapse if successfully attacked.
To counter the threat, some businesses opt for cyber insurance, which covers the expenses if the insured business suffers a cyber attack. The numbers reflect that too – according to Global Data, the global market for the cyber insurance industry will more than double by 2025 to exceed $20 billion.
However, cyber liability insurance is not a replacement for having a comprehensive cybersecurity strategy in place, says Algirdas Sakys, Information Security Manager at NordVPN Teams:
“For small businesses, preventive cybersecurity measures like making periodic backups, using a network-wide firewall, managing network access privileges, or simply providing basic cybersecurity training for personnel should be a no-brainer,” commented Mr. Sakys. “Regrettably, too many companies underestimate existing cyber threats and pay a steep price for it. Sure, cyber insurance might soften the blow but counting on that while putting their entire businesses in jeopardy is not a sustainable long-term strategy.”
According to the expert, SMBs overestimate the money-saving benefits of cyber insurance. Those wishing to save money by ignoring cybersecurity and opting in for an insurance policy will not get what they bargain for.
“Don’t get me wrong – having a cyber insurance policy is better than not having it,” added the NordVPN Teams expert. “But companies hoping to save by underinvesting in cybersecurity only to hedge it with insurance won’t get what they desire. In reality, the weaker the cybersecurity framework is, the costlier the insurance. There is no way around the fact that every company needs robust cybersecurity protocols in place.”
The SMB cyber threat landscape
According to ENISA, the European Union Agency for Cybersecurity, the five most common cyber incidents suffered by SMBs are phishing, web-based attacks, general malware, malicious insiders, and denial of service.
Small businesses have become more vulnerable to these threats amid the pandemic-related shift to remote work.
“The rush in which SMBs had to adapt to remote work certainly left many cybersecurity blindspots unchecked,” the cybersecurity specialist continued. “Now, we see a steady upsurge in small businesses investing in the protection of their digital assets, but too many organizations remain in the red zone when it comes to cybersecurity.”
For SMBs to mitigate the risks posed by cyber threats, adds Mr. Sakys, they need to be aware of three main cybersecurity verticals: people, process, and technology.