Small companies ‘fail to act after cyber attack’

Small companies ‘fail to act after cyber attack’ [Image: solarseven via iStock]

Some 65 per cent of small companies fail to take action after a cyber attack, despite nearly half of them having suffered a breach in the last year.

This is according to the 2018 Hiscox small business cyber risk report.

It also found that 50 per cent of organisations blame budget constraints for their lack of action.

The report revealed that 47 per cent of more than 1,000 small businesses surveyed had suffered at least one cyber attack in the past year. Meanwhile, 44 per cent of those that reported experiencing a cyber attack during this time suffered two to four attacks, and eight per cent reported being targeted in five or more attacks.

Hiscox found that small businesses estimated their average cost for incidents in the last year to be $34,604 (£26,006). Showing that the cost of a cyber incident increases as companies grow, large organisations (with more than 1,000 employees) reported that the annual average cost of cyber crime was $1.05 million.

The report recommends that small businesses take steps to prevent, detect and mitigate potential cyber attacks. The authors wrote: “These steps are not overly complex or costly, and small businesses can significantly protect themselves by taking action.”

Hiscox advises that businesses involve and educate employees at all levels about cyber security. It added that companies should have “a formal budgeting process in place” and that they should “ensure cyber security is considered and prioritised in decision making”.

In order to improve their capability to detect cyber attacks, the report advises businesses to include intrusion detection and ongoing monitoring on all critical networks. It recommended that organisations “track violations, including those that are successful and thwarted, and generate alerts using both automated monitoring and manual logging”.