Chubb has published an advisory which outlines that while cyberattacks on major companies often make the headlines, SMEs continue to be much more common targets.
Entitled “Cyber Attack Inevitability: The Threat Small & Midsize Businesses Cannot Ignore,” the advisory noted that – according to Chubb’s claims data – 60% of all cyber events experienced by small and midsize businesses in the past three years were caused by external factors (i.e. events that are a result of individuals or organizations where the impacted company has no relationship).
The advisory also offers real-world examples of cyber threats, and how they can lead to considerable losses to small and medium businesses. Something as simple as leaked business email account information could allow a cybercriminal to transfer large sums of money into a fraudulent bank account, the advisory cautioned.
“Small and midsize businesses are directly in the crosshairs of cyber criminals in the United States and across the world,” commented Chubb global cyber practice division president William Stewart.
Stewart explained that cybercriminals are savvy enough to target SMEs, even if they are considered “smaller” than major corporations.
“These businesses often assume they are not targets for cyber criminals, due to their size, industry, or lack of large databases of personal information. However, the reality is quite the opposite: smaller businesses are actually more vulnerable and considered prime targets for cyber criminals, as their security measures are more likely to be outdated or underprioritized, opening the door for cyber criminals to deploy attacks quickly, cheaply, and anonymously,” he said.
Citing a report from Juniper Research, which said that the total number of connected internet of things (IoT) sensors and devices is set to exceed 50 billion by 2022, Stewart added that the IoT could translate into even more risk for the SMEs that use them.
“If companies are going to be able to operate moving forward, cyber security must be a central focus of management teams,” he said.
“Cyber incidents can be costly and even disastrous for a small business. On average, it costs about US$400,000 to recover from a single cyber incident, with more than 4,000 incidents occurring every single day,” the division president explained. “The cost and frequency of these attacks highlight the importance of the issue at hand. However, despite these daunting statistics, the majority of cyber incidents are preventable, as they mostly stem from human error or a simple lack of proper training.”