The Chubb’s Third Annual Cyber Report reveals employee education is key for small businesses to prevent cyberattacks. Even with headline after headline about the latest data breach, people are not encouraged to defend against their cyber exposure.
The goal of the report is to determine the level of understanding individuals have about their cyber risks. While at the same time looking at the steps they are taking to protect themselves.
For small businesses with limited resources, complacency can have detrimental consequences. This is because the chance of a small company going out of business after a cyberattack is highly likely. And the best way to defend themselves is by making everyone in the company more aware.
This is what Fran O’Brien, Division President of Chubb North America Personal Risk Services, emphasized in the press release for the report.
O’Brien rightly points out, “When it comes to your cybersecurity, there’s no such thing as being over-prepared.”
He goes on to say, “While it’s important that the vast majority of respondents remain concerned about a breach, concern itself isn’t enough. Individuals often say their lack of cybersecurity action is because it seems too time-consuming in the moment. But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur.”
If you are a valued target, sooner or later a breach is very likely to take place. And just because you are a small business, it doesn’t mean you are immune to attacks. Because 43% of cyberattacks target small businesses.
2019 Cybersecurity Risk Statistics
In the study, 70% of the respondents say their company has “excellent” or “good” cybersecurity practices. But only 31% of them receive annual company-wide training or updates from their employer.
Considering employee education lies at the core of the cybersecurity problem, more needs to be done. And the lessons they receive have to be from a reliable source. Because the survey says more than a third are learning about protection against cybersecurity risks from mainstream media (35%) and family and friends (34%).
Only 19% report they learn about cybersecurity protection through their employer. This means the vast majority of the workforce doesn’t have the necessary skills to protect their business. And this results in employees and individuals not being able to identify an attack when it is taking place.
The one common form of attack the respondents defined correctly is ransomware at 54%. But it goes downhill from there as most of them couldn’t identify credential stuffing (59%), Emotet (72%), and Ryuk (74%).
These forms of attacks are barely scratching the surface, and unless your company specializes in cybersecurity it is impossible for your staff to know everything. The key is to teach your employees so they can have a general understanding of these common attacks.
Coupled with strict governance and mandatory annual training, you can bring your employees up to speed. And according to Chubb, the training, which can be taken online and limited to an hour, is enough to help employees identify breach warning signs. By identifying these signs, your employees can stop full-blown attacks so you can intervene.
Small businesses can implement policies to ensure everyone in the company becomes part of the first line of defense against a cyberattack. But even with the best efforts, it may not be possible to stop an attack. And this is why cyber insurance should be a serious consideration to fully protect your business.
According to Chubb, with the right cyber insurance, you can get an inclusive mix of defensive and protective measures. This includes capabilities which provide fast response in a worst-case scenario. In addition to a financial loss mitigation tool, it should also help individuals understand how to prepare ahead of a potential cyber-attack.