Many small businesses vulnerable to cyber attacks
Despite the increased threat of cyber-attacks during the pandemic, almost half (47%) of Canadian small businesses surveyed by the by Insurance Bureau of Canada (IBC) say they do not allocate any portion of their annual operating budget to cyber security. This marks an increase of 14% from 2019, when one-third (33%) said they do not allocate any budget to cyber security.
In 2021, 41% of small businesses that ever suffered a cyber-attack reported that it cost them at least $100,000, up from 37% in 2019. However, fewer than half of the businesses surveyed (46%) said they have set up any kind of defense against possible cyber-attacks, and only a quarter (24%) say they plan to purchase cyber insurance within the next year.
“The COVID-19 pandemic has forced many small businesses to adopt digital processes and move some of their traditional business online,” said Jordan Brennan, vice-president of Policy Development for IBC. “Unfortunately, this has created increased opportunities for cybercrime. While cyber-attacks on larger businesses receive more media attention, small businesses are also a target for online criminals.”
In the first half of 2021, insurers paid out over $106 million in cyber liability claims. Incidents of cybercrime – particularly ransomware attacks – have increased drastically since 2020, as criminals began to prey on people working from home due to the pandemic. A report by law firm McCarthy Tétrault found that ransoms and the resulting lost productivity cost Canadian organizations an estimated $5.1 billion in 2020 alone.
“Cyber insurance can help victims pay for many expenses related to cyber-attacks, such as civil fines, legal damages, forensic investigations, data restoration costs and other expenses to restore their business operations,” explained Brennan. “Before looking for cyber insurance quotes, business owners should take preventive actions to demonstrate to their insurance representative that they are a lower risk.”
Brennan recommends that business owners follow these steps to help secure their data:
- Enforce multi-factor authentication on login and network access;
- Focus on email security: enable attachment scanning, use external sender banners and train staff (or develop protocol) on spotting and containing malicious phishing attempts; and
- Run regular data backups and make sure the backups have unique credentials.
IBC conducted a similar survey in 2019 and has compared those results with the results of this most recent survey to look for trends in how small businesses (sole proprietors and those with up to 499 employees) are managing cyber security. The 2021 report has been published to coincide with Cyber Security Awareness and Small Business Month in October, and to help educate small business owners on the risk of cyber-attacks and ways they can protect themselves.
Source: Insurance Bureau of Canada