According to a new report, US small businesses are still highly vulnerable to cyber incidents, despite improvements in preparedness. The report reveals that while the segment paid less to respond to cyber incidents last year, this reduction was countered by an increase in attacks and breaches.
Over the past 12 months, small businesses in the US paid over $16,000 in cyber ransoms, with the median number of attacks rising from 3 in 2022 to 4 in 2023. In 2023, 41% of small businesses fell victim to a cyber attack, up from 38% in the 2022 report and almost double the 22% in 2021.
The rise in cyber attacks is a concerning trend, as highlighted by Chris Hojnowski, Vice President and Product Head of Technology and Cyber at Hiscox USA. He emphasized the need for heightened awareness and vigilance among small business owners to protect themselves from cyber threats.
The report included insights from a survey involving over 500 US small business professionals, revealing a decline in the cost of cyber incidents year over year. However, the increasing number of attacks has offset these cost reductions.
Furthermore, the emergence of new artificial intelligence (AI) developments has made it more challenging to identify phishing emails, rendering previous detection methods less effective. Hojnowski stressed the importance of investing in cyber security, training, and insurance to combat the growing complexity of cyber attacks.
Despite an increase in IT security spending, the report found that many small businesses lack cybersecurity measures such as security awareness training and network-based firewalls. The need for better-trained employees as a primary defense against various types of losses was emphasized.
The report also assessed the cyber maturity of small businesses in the US, revealing that 63% are classified as intermediates, with only 4% considered cyber experts. The findings underscore the urgency for small businesses to enhance their cyber readiness and invest in measures to protect against cyber threats.
In light of the report’s findings, it is evident that small businesses in the US face significant challenges in addressing cyber security. It is crucial for small business owners to prioritize cyber readiness, invest in appropriate security measures, and ensure that employees receive adequate training to mitigate the risks posed by cyber threats.