The FINANCIAL -- The risks posed by cyber crime are a fast-growing concern for small and medium-sized enterprises (SMEs), according to Zurich Insurance Group’s (Zurich) fourth annual global SME survey.
Just 10% of SMEs said that they were too small to be at risk of falling victim to cyber crime, compared with 17% of those that thought that they were too insignificant to attract the attention of cyber criminals in 2015.
Fewer SMEs believe that they are too small to be hacked; the percentage thinking this has almost halved since last year (10% vs 17%)
Theft of customer data (27%) and reputational damage (20%) are seen as the most significant cyber crime risks for SMEs
Only 5% of SMEs are confident they have sufficient and up-to-date IT measures in place to protect against cyber crime vs 8% in 2015
The survey, which polled 2,600 C-suite executives and managers at SMEs across 13 countries in Europe, the Americas and Asia Pacific, revealed that theft of customer data (27%) and reputational damage (20%) are the consequences of cyber crime impacts that they fear the most.
Additional risks such as theft of money/savings (15%), business disruption (15%) and malicious identity appropriation (12%) are seen as potentially being the most harmful consequences of cyber crime.
The two fastest-growing cyber crime concerns were reputational damage and theft of money/savings. Both rose 4% each, to 20% and 15%, respectively, compared with the results of the 2015 survey.
SMEs’ confidence in IT systems and cyber crime protection have weakened. The percentage of SMEs that view their business as sufficiently protected by up-to-date software fell to less than 5% from 8% in the past survey.
Lori Bailey, Global Head of Special Lines at Zurich, commented: “With the number of high profile cyber security breaches in the media over the last year, it is not surprising that the risk awareness amongst SMEs has grown significantly, yet alarming that the vast majority of SMEs do not have the appropriate cybercrime protection measures in place.
The dramatic technological transformations that are happening to enterprises, infrastructures and systems globally are resetting the traditional expectations of risk management and its approaches across companies of all sizes. At Zurich, we continue to invest in identifying risks and delivering tailored solutions to address the needs of all our customers, but to effectively tackle cyber crime and improve business resilience, further joint efforts will be needed between governments, service providers and businesses.”
The latest survey also revealed significant regional differences in attitudes to cyber crime risks and their impacts.
European SMEs’ fears reflect global trends
In Europe, the potential harm to reputation as a consequence of a cyber attack as the main worry has risen to third place on the list of concerns, up from sixth in 2015. 16% of European SMEs identified this as a concern. Their leading concerns are theft of customer data and reputation damage (26% and 16% respectively), in line with the global trend. In addition, 17% of SMEs in Europe are also worried about business disruption that could result from a cyber attack
U.S. businesses most concerned about cyber theft
Cyber theft of information and earnings dominated U.S. SMEs’ concerns. Small companies in particular dread the theft of customer data (23%), and money/savings (21%). While concerns over reputation damage as a result of cyber crime increased from 10% to 15%, of the regions surveyed, SMEs in the U.S. still remain the least concerned about this issue. At the same time, worries over malicious use of identity dropped from 16% to 12% year-on-year.
SMEs in Latin America lack awareness about cyber risk
In keeping with global trends, concerns about reputational damage related to cyber crime are on the rise in Latin America, up to 23% from 19% in 2015. Interestingly, the survey revealed that the fastest-growing concern in that region is related to the potential risk of third-party lawsuits related to cyber crime, which tripled year-on-year (6% in 2016 vs 2% in 2015). One reason for concern is that 6% of enterprises still believe they have fully-functioning cyber protection measures in place, but the percentage of those that think this way nearly halved compared with 2016. Still 10% of Latin American SMEs haven’t thought about cyber risk and currently have no opinion on it, according to the survey.
Cyber crime awareness on the rise in APAC
SMEs in the Asia Pacific region (APAC) are the most worried about potential reputational damage – 32% named it as the main potential risk to their business related to cyber crime. The same percentage of SMEs are worried about potential theft of their customers’ data. It is remarkable to note that SMEs in APAC surveyed showed a more than doubling in 2016 from 2015 when it comes to concern about theft of money/savings, malicious use of identity and business disruption. In 2016, 10% of SMEs in the region believed they were too small to become a target of a hacker attack. But those SMEs thinking this way have more than halved compared to 23% in 2015.