Most Small Businesses Fail to Act After Cyber Attack

Results from a new survey conducted by specialist insurer Hiscox found that 65% of small businesses fail to take action in the wake of a cybersecurity incident.

New research shows nearly half (47%) of all small businesses in the United States have been hit with a cyber attack in the past year. Among those victimized, a similar number (44%) reported suffering two, three or even four attacks.

Pretty staggering, no? What’s even scarier, 65% of these small businesses fail to take action following a cybersecurity incident, according to the 2018 Hiscox Small Business Cyber Risk Report.

Hiscox, an insurer, found that small businesses are less likely to have instituted strategies to fend off attacks, nor detect them early if they do occur. Not surprisingly, they are also less likely to be able to withstand the financial impact of a hack or breach than, say, the cyber-stricken corporate brands we so often hear about in the news.

Small businesses estimated their average cost for incidents in the last 12 months to be $34,604. Among large companies (more than 1,000 employees), the annual average cost of cyber crime was $1.05 million.

Consider the indirect costs that can result from an attack, such as lost customers or difficulty attracting
new ones. How about lasting damage to the brand? Then there are costs associated with the hours required to resolve the attack and the distraction a breach can cause. Add it all up and it would seem a wise investment to fortify your business against such a thing.

The attacks come in various forms, including ransomware, spear phishing, malware, DDoS and something referred to as a drive‑by. The latter involves crooks on the prowl for insecure web sites who then plant a malicious script into HTTP or PHP code on one of the web pages. This script may install malware directly onto the computer of some unsuspecting user who visits the site.

Hiscox’s survey found that cyber risk is actually a top concern for the majority (66%) of small businesses owners. Yet 50% said they lack the budget necessary to surmount a defense, with barely half (52%) reporting they have a clearly defined strategy around cybersecurity.

I can tell you these survey results seem right in line with what I heard at the recent Cyber:Secured Forum in Denver. And so are the following best practices offered by Hiscox:


  • Involve and educate all levels of the organization about cyber threats.
  • Have a formal budgeting process and ensure cyber is a part of all decision making.
  • Institute cyber training during the on‑boarding process and in an ongoing manner.


  • Include intrusion detection and ongoing monitoring on all critical networks.
  • Track violations (both successful and thwarted) and generate alerts using both automated monitoring and a manual log.
  • Record all incident response efforts and all relevant events.


  • Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities defined.
  • Review response plans regularly for emerging threats and new best practices.
  • Insure against financial risks with a stand‑alone cyber policy or endorsement.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Although Bosch’s name is quite familiar to those in the security industry, his previous experience has been in daily newspaper journalism. Prior to joining SECURITY SALES & INTEGRATION in 2006, he spent 15 years with the Los Angeles Times, where he performed a wide assortment of editorial responsibilities, including feature and metro department assignments as well as content producing for Bosch is a graduate of California State University, Fresno with a degree in Mass Communication & Journalism. In 2007, he successfully completed the National Burglar and Fire Alarm Association’s National Training School coursework to become a Certified Level I Alarm Technician.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters