Small businesses today are prone to a lot of the same hazards as yesteryear. But they’re largely unprepared to handle 21st Century threats to their companies.
Floods, fire or any other type of natural disaster could spell doom for a lot of businesses but for a lot of those events, having a good insurance policy and a plan for dealing with them could help keep the business going through the difficult time ahead.
But small businesses are not preparing themselves in the event of a new kind of potential disaster, a cyber attack.
Three-quarters (a full 75 percent) of small businesses in the U.S. do not have cyber risk insurance or aren’t sure if their policy covers a cyber attack.
Lack of Cyber Risk Insurance a Concern
That’s according to the identity protection firm IDT911, which just released a new report showing most small businesses in the U.S. are highly unprepared in all phases for a cyber attack and have no plan in place if such an event were to occur.
So, maybe knowing how vulnerable they could be to an attack would change the collective tune of businesses toward cyber security? Not quite.
Businesses aren’t really willing to shell out any more money in the name of cyber security, either, despite their vulnerability and the despite the meteoric rise in cyber attacks against businesses of all sizes, but especially against small businesses.
Sixty-five percent of the small businesses surveyed by IDT911 said they don’t have funds budgeted for cyber security and have no plans to make any funds available for it.
This data really underscores American businesses’ lack of preparedness for a cyber attack in all facets, not just a lack of a proper cyber risk insurance policy.
And this is startling because 1 in 3 businesses told IDT911 that they really would have a hard time sustaining company operations without access to critical business systems that would be compromised during an attack.
Knowing this, you’d figure that the first reaction on the part of businesses would be to pay off hackers in a desperate attempt to save their business. Nope.
A whopping 84 percent of small businesses say they wouldn’t pay any amount of money to hackers who held their sites for ransom. And only 3 percent of those responding to IDT911 say they’d pay more than $10,000 to alleviate a ransomware attack.
That’s probably a good reaction but likely not being done for the right reason. It seems money and a lack of knowledge are the driving factors behind the lack of a grasp of the severity of this situation.
Apart from checking into cyber security insurance plans and what they’d really cost your business — remember the possibility of being held for ransom and what that would cost when you’re considering a policy — one of the simplest steps you could take is to back up your data.
By doing this, you’re already ahead of nearly 80 percent of your contemporaries. Backing up systems and files is an important step in preparing for the likelihood of a cyber attack but only 22 percent of small business owners have gone even this far.
Don’t think that just backing up files is enough, though. It’s the least you could do, according to IDT911 founder and chairman Adam Levin. He says, “Training alone isn’t enough. Cyber risk insurance isn’t enough and, sure as heck, backed-up data alone isn’t enough.
Small businesses need a cyber risk insurance policy in place today but most don’t know the first thing about the subject and really aren’t dipping further into the coffers to change that.
A proper plan includes making yourself and your team aware of the threats and how to prevent a cyber attack or prevent one from going beyond, say, a suspicious email that stays unopened. It also includes constant monitoring of all systems to prevent an attack and being made aware the second a threat is detected. And lastly, the plan should include a comprehensive response to the “What if …”.
Levin says, “We’re talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business.”
More in: Cybersecurity, Insurance
This brings us back to the topic of setting up some security systems for our business. Security is not enough. It is better with insurance.