Even with improving awareness of the threats from the cyberspace, as well as more comprehensive security, there remains a misconception about the risks that originate from the World Wide Web – especially within SMEs.
Troy Filipcevic, founder and managing director of cyber insurance specialist Emergence, explained that SMEs often, wrongly, believe that such attacks predominantly target larger businesses. This misconception, he said, needs to change. Filipcevic, who is one of the speakers at Insurance Business’s TechFest on May 14, spoke to us about the need for SMEs to fully realise the need for comprehensive protection within the cyber sphere.
“There’s still this misconception that cyberattacks aren’t going to happen to the little guys,” Filipcevic told Insurance Business. “Based on our claims experience, and the statistics point to it too, it’s the SMEs and the smaller firms that are greatly impacted by cyber threats.”
This misplaced belief is tied to the idea that cyber criminals are only interested in targeting those large, multinational firms, rather than smaller companies – with the thinking being that there is more to gain by attacking bigger businesses. While this idea is partly true, SMEs are wrong to believe that they will be spared as cyber criminals focus their criminality on larger firms.
“SMEs are impacted the most - not that the bigger firms aren’t, but they have the resources to properly respond,” said Filipcevic. “It’s those SMEs that don’t have a dedicated cyber security team within arm’s reach that fail to properly respond.”
While the majority of large businesses and insurers have dedicated IT teams and broad cyber protection software, it’s the SMEs that don’t that have more to lose when a cyberattack occurs. Filipcevic said that for many of those firms, the emphasis was on ensuring the businesses run smoothly and customers receive a great service, while cyber security takes a relative backseat. “Cyber security is often an afterthought,” he said. “There should be a drive now to buy proper security and to receive a quasi IT team who can step in and properly respond to threats.”
The misconception that SMEs are not in the eyesight of cyber criminals also originates from a dichotomy between reported cyberattack numbers and what SMEs see in their day-to-day business. A lot of the statistics and numbers about cyberattacks come out of the United States and are huge in numbers, meaning that information is not localised and it becomes hard for SMEs to link it to their own business.
“A lot of it is hard to comprehend, from an SME perspective,” Filipcevic said. “There remains this misconception from SMEs in, for example, Sydney, Newcastle or Wollongong who think – ‘that’s not relevant to me!’”
Read more: The changing threat of cyberattacks
Simply getting a run-of-the-mill anti-virus protection or standard security software is not enough. Much like a flu virus, cyber threats rapidly morph when protective measures against it are introduced.
“Cyber viruses morph and change,” FIlipcevic explained. “Cybercriminals aren’t sitting still; their attacks are constantly changing.” Like a standard vaccination, current anti-virus software protects you from what is known, not what is not. This means that stronger, protective measures are needed by SMEs to defend against ever-changing and ever-present attacks from the cyber realm.
To learn more about cyber risks, and to hear from other industry figures on cyber-related topics, sign up to Insurance Business’s TechFest in Sydney on May 14.
