Half of your clients have already suffered a cyberattack – but they just don’t realize it

New insurer survey shows just how common the problem is – and why your business clients need cover

Half of your clients have already suffered a cyberattack – but they just don’t realize it


By Lyle Adriano

Cyber insurance is now more important than ever for any business owner – if the results of a recent survey are anything to go by.

A survey conducted by Nationwide found that nearly half of all business owners did not know they were on the receiving end of a cyberattack.

Celebrate excellence in insurance. Join us at the Insurance Business Awards in Chicago.

The report, the third in Nationwide’s annual series, surveyed 1,069 business owners with between one and 299 employees. While the survey found that 13% of business owners said they experienced a cyberattack, that number jumped to 58% in total when owners were shown a list of specific threats that could qualify as a cyberattack

The breakdown of cyberattacks respondents have confirmed is as follows:
  • Computer virus: 36%
  • Phishing: 29%
  • Trojan horse: 13%
  • Hacking: 12%
  • Data breach: 7%
  • Ransomware: 7%
  • Issues due to unpatched software: 7%
  • Unauthorized access to company info: 7%
  • Unauthorized access to customer info: 6%
The results of the survey revealed a 45% gap and lack of understanding about what constitutes an attack.

“Cyberattacks are one of the greatest threats to the modern company,” commented Nationwide property and casualty president Mark Berven.

“Business owners are telling us that cybercriminals aren’t just attacking large corporations on Wall Street. They’re also targeting smaller companies on Main Street that often have fewer defense mechanisms in place, less available capital to re-invest in new systems and less name recognition to rebuild a damaged reputation.”
The survey also discovered that over 20% of cyberattack victims spend at least $50,000 and took longer than six months to recover, while 7% spent more than $100,000 and 5% took a year or longer to rebuild their reputation and customer trust.

Other things the survey revealed included:
  • 57% of owners do not have a dedicated employee or vendor monitoring for cyberattacks.
  • 76% of respondents do not have a cyberattack response plan in place; 57% lack a plan to protect employee data, and 54% do not have measures in place to protect customer data.
  • Of the various cybersecurity best practices recommended by the US Small Business Administration:
  • 85% say they protect against viruses, spyware and other malicious code, but only 65% actually do so.
  • 85% say they secure their networks, versus the 58% that actually do.
  • 85% say they make backup copies of important business data and information, but only 59% follow through.
  • 83% talk about establishing security practices and policies to protect sensitive information, but only 50% make good on their promises.
  • 81% say they control physical access to computers and network components – only 60% do so.
  • 80% of the respondents say they require employees to use strong passwords and to change them often, but only 52% implement their policy.
  • 76% say they educate their employees about cyber threats and hold them accountable, but only 42% actually do.
  • 74% say they protect all their pages on public-facing websites (and not just their checkout and sign-up pages), but only 42% follow through.
  • 73% say they employee best practices on payment cards – only 47% can truly back their claims.
  • 64% have said that they have created a mobile device action plan, but only 26% have done so.

Related stories:
D&Os need to understand and mitigate their corporate cyber risk
Yahoo hack far bigger than first thought

Keep up with the latest news and events

Join our mailing list, it’s free!