In comparison to experts, novice businesses are exposed to nine times more cyberattacks

In comparison to experts, novice businesses are exposed to nine times more cyberattacks ...

Although traditionally the term "back to school" is used for the little ones, the reality is that this time of year is also becoming crucial for businesses, who take the time to recharge and better prepare for the last days of the year. This "updating" is especially important in the cybersecurity of small and medium-sized businesses, especially when we consider that cybernew SMEs are nine times more vulnerable than cyberexperts.

Cybernewbies received 28 cyberattacks in 2021, compared to three of the cyberexpert companiesas concluded in Hiscox's Cyber Readiness Report 2022, a Spanish insurance company that provides innovative and specialized services to businesses and professionals.

Being a 'cyber-expert' means having the ability to respond quickly and effectively to a cyber-attack. In order to guarantee the business's resilience, the insurer evaluates in its report the degree of maturity of the companies in terms of cybersecurity, taking into account variables such as business resilience, passwords and cryptography, identities and access, security events and vulnerabilities, and trust.

Only 2% of small and medium enterprises in Spain are considered cyber experts, 34 percent are cyber novices and the rest 64 percent are cyber intermediates. This inability to deal with the threats posed by cybersecurity has an immediate impact on the business's evolution, as one in four cybernovice businesses has lost customers as a result of a cyberattack, something that has never happened to any of the cyberexpert SMEs victims of a cyber incident.

This lack of preparation has a direct bearing on the recovery periods for normal business activity following a cyber attack, since in the case of cyber experts all recover in less than a week, while in the case of cyber novices only 67% recover in less than a week, and in fact, 17% return to activity within absolute normality.

The difference between the cybersecurity expertise of one and the other is also evident in their perception of risk. Despite 70% of Spanish cybernovice SMEs believing that their organization's cyber risk remains the same and only 18% believe that it has increased, in the case of cyberexperts 50% consider that the risk is greater.

This ability to be cognizant of cyber danger is reflected in the way SMEs allocate their annual budget, since while cyber novices allocate 22.7 percent of their IT budget to cybersecurity, in the case of cyberexperts, this percentage increases to 26%.

Therefore, it is necessary that small and medium cybernew companies update their knowledge and learn the strategies used by experts in this area, such as increasing investment in cybersecurity, identifying its main weaknesses to address them, considering a cyber policy or appointing a specific person to supervise the firm's cyber strategy in this new school year.

The absence of preparation of Spanish small enterprises in a time of increasing cybersecurity vulnerability is worrying. Most of them have little experience to deal with a potential cyber incident, which might leave them out of the game if you don't act quickly. "We not only provide them with cyber insurance that allows them to outsource part of their risk, but we also train them to acquire the necessary skills to deal effectively with cybersecurity threats," says Nerea de la Fuente, Director of Underwriting at Hiscox Spain.

You may also like: