Nationwide survey highlights cyberattack numbers in US

Survey shows ongoing lack of understanding around what is becoming an ever-increasing threat

Nationwide survey highlights cyberattack numbers in US

Insurance News

By Lyle Adriano

Cyber insurance is now more important than ever for any business owner – if the results of a recent survey are anything to go by.

A survey conducted by Nationwide found that nearly half of all business owners did not know they were on the receiving end of a cyberattack.

The report, the third in Nationwide’s annual series, surveyed 1,069 business owners with between one and 299 employees. While the survey found that 13% of business owners said they experienced a cyberattack, that number jumped to 58% in total when owners were shown a list of specific threats that could qualify as a cyberattack

The breakdown of cyberattacks respondents have confirmed is as follows:
  • Computer virus: 36%
  • Phishing: 29%
  • Trojan horse: 13%
  • Hacking: 12%
  • Data breach: 7%
  • Ransomware: 7%
  • Issues due to unpatched software: 7%
  • Unauthorised access to company info: 7%
  • Unauthorised access to customer info: 6%
The results of the survey revealed a 45% gap and lack of understanding about what constitutes an attack.

“Cyberattacks are one of the greatest threats to the modern company,” commented Nationwide property and casualty president Mark Berven.

“Business owners are telling us that cybercriminals aren’t just attacking large corporations on Wall Street. They’re also targeting smaller companies on Main Street that often have fewer defense mechanisms in place, less available capital to re-invest in new systems and less name recognition to rebuild a damaged reputation.”

The survey also discovered that over 20% of cyberattack victims spend at least US$50,000 and took longer than six months to recover, while 7% spent more than US$100,000 and 5% took a year or longer to rebuild their reputation and customer trust.

Other things the survey revealed included:
 
  • 57% of owners do not have a dedicated employee or vendor monitoring for cyberattacks.
  • 76% of respondents do not have a cyberattack response plan in place; 57% lack a plan to protect employee data, and 54% do not have measures in place to protect customer data.
  • Of the various cybersecurity best practices recommended by the US Small Business Administration:
    • 85% say they protect against viruses, spyware and other malicious code, but only 65% actually do so.
    • 85% say they secure their networks, versus the 58% that actually do.
    • 85% say they make backup copies of important business data and information, but only 59% follow through.
    • 83% talk about establishing security practices and policies to protect sensitive information, but only 50% make good on their promises.
    • 81% say they control physical access to computers and network components – only 60% do so.
    • 80% of the respondents say they require employees to use strong passwords and to change them often, but only 52% implement their policy.
    • 76% say they educate their employees about cyber threats and hold them accountable, but only 42% actually do.
    • 74% say they protect all their pages on public-facing websites (and not just their checkout and sign-up pages), but only 42% follow through.
    • 73% say they employee best practices on payment cards – only 47% can truly back their claims.
    • 64% have said that they have created a mobile device action plan, but only 26% have done so.


Related stories:
CFC Underwriting helps brokers address clients’ phishing concerns
Yahoo cyberattack surpasses predictions

Keep up with the latest news and events

Join our mailing list, it’s free!