The Hiscox Cyber Readiness Report 2020 highlights the risks small businesses face in staying secure against cyber attacks. Ivy Offor, our Cyber Analyst, explains why businesses of all sizes should have a robust cyber awareness training programme in place.
Whenever cyber security within an organisation is discussed, we reference ‘the human firewall’ – employees following a set of best practices to prevent or reduce the risk of cyber threats to their organisation.
Build the firewall
One of the major ways to build an effective human firewall is by educating employees through cyber awareness training. While critical for large businesses, cyber awareness training is equally important for smaller businesses.
The Hiscox Cyber Readiness Report 2020* highlights the cyber risk for small businesses that have less funding for cyber security and lack dedicated cyber security personnel, leading to inadequate security controls and increased risk.
Small businesses often don’t have the resources to bounce back either. Our report highlights that the median cost for experiencing any cyber event in 2020 was US$7,000 for businesses with one to nine employees. Costs jump to a median of US$50,000 for businesses with 50-249 employees.
The smaller businesses getting it right
But it’s not all bad news. Some small firms labelled as ‘expert’ in our report got it right. One in six of these small business experts were digitally savvy companies in the technology, media and telecom; retail and wholesale; and construction industry sectors. They all engaged actively in cyber awareness training, deployed anti-virus or anti-malware systems consistently across the organisation, and made decisions based on clearly defined business needs or cyber security tolerances.
But, if cyber awareness training is key, how can businesses of all sizes gain access to affordable training?
Free cyber training
One option is the Hiscox CyberClear Academy, an online interactive suite of cyber training content, offered free to our cyber customers worldwide to help them mitigate and manage their cyber risks. Using training material developed from emerging cyber risks and customer claims insights, topics include phishing, remote and mobile working, business email compromise (BEC) and managing supply chain risks.
Phishing continues to rise
Phishing campaigns, used as an entry point to breach the security of an organisation, continue to rise globally, while traditional hacking declines. This is because threat actors find it easier to exploit human trust than to spend resources on technical hacking methods. Reflecting this, the proportion of survey respondents planning to increase spending on new cyber security technology has progressively fallen from 57% in 2018 to 46% in 2020, while the number intending to invest more in employee awareness training has risen from 34% to 40%.
According to the Hiscox Cyber Readiness Report 2020, businesses labelled cyber security ‘novices’ suffered more breaches resulting from successful phishing and malware attacks, highlighting the need for regular training to drive awareness throughout the workforce. Nearly three quarters of the micro businesses our report identified as experts intend to prioritise the roll-out of effective employee training in the coming year.
The remote working vulnerability
Given the increase in remote working, employees may also be more relaxed about security outside of the work environment. This is made worse by a lack of physical engagement with others in the office, engagement that helps employees work together to recognise potential phishing scams.
It’s another reason why organisations should ensure their employees are well trained to understand cyber risks and the vital role they play in ensuring the security of their organisation. As basic as this measure may seem, involving everyone in security is one of the most important steps an organisation can take to protect against cyber attacks.
Ivuoma Offor works within the CyberClear Centre (C3), which provides cyber expertise in areas such as value-add service offerings, cyber training and advisory services to customers. She is currently responsible for managing the Hiscox CyberClear Academy, a cyber-awareness training platform. She holds a Master’s degree in Data Networks and Security.
*The Hiscox Cyber Readiness Report, now in its fourth year, surveyed a representative sample of 5,569 private and public sector organisations in the US, UK, Belgium, France, Germany, Spain, the Netherlands and Ireland. Each firm was assessed on its cyber security strategy and execution, and ranked according to a cyber readiness model. Fifty-nine percent of respondents had fewer than 250 employees and 29% of the overall sample were businesses with between one and nine employees.