Despite improvements in preparedness, US small businesses remain highly vulnerable to cyber incidents. According to a recent report, while these businesses paid less to respond to cyber incidents last year, they experienced an increase in attacks and breaches. The median number of attacks rose from 3 in 2022 to 4 in 2023, and 41% of small businesses fell victim to a cyber attack in 2023, a substantial increase from previous years.

The report also highlighted that US small businesses paid over $16,000 in cyber ransoms over the past year. Chris Hojnowski, Vice President and Product Head of Technology and Cyber at Hiscox USA, expressed concern over the rise in cyber attacks, emphasizing the significant impact this has on small businesses. Hiscox surveyed over 500 US small business professionals to assess their preparedness in combatting cyber incidents, as part of a global survey involving over 5,000 professionals responsible for their company’s cyber security strategy.

Hojnowski noted that while the cost of cyber incidents has decreased slightly, the increase in the number of attacks has offset this improvement. Additionally, new developments in artificial intelligence have made it more challenging to identify phishing emails, emphasizing the need for constant vigilance and improved cybersecurity measures. Despite an increase in IT security spending, the report revealed areas of vulnerability, such as a lack of security awareness training and network-based firewalls in many small businesses.

Hojnowski stressed the importance of training and investments in cybersecurity to protect against cyber-attacks, underscoring the need for better cyber readiness across all business sizes. The report also highlighted that the US ranks second in cyber maturity behind France, with the majority of small businesses categorized as intermediates in cyber expertise. This indicates a need for continued improvement in cyber readiness and expertise among small businesses in the US.

In conclusion, Hiscox’s cyber readiness report brings attention to the ongoing vulnerability of US small businesses to cyber-attacks and the need for increased investments in cybersecurity measures and training to mitigate these risks.