Small businesses are lagging behind larger companies in preparedness for attacks on their websites or computer systems. That’s the finding of a survey by Hiscox, an insurance company whose target market in the U.S. is small business.
The survey released last week found that small businesses are less likely to make changes to their cybersecurity systems after an attack. Twenty-nine percent said they did nothing after being attacked, compared to 20 percent of larger companies. Small companies are almost as likely to be attacked — 68 percent of small businesses reported at least one in 12 months, compared to 72 percent of larger businesses.
Two key reasons are behind small businesses’ lack of preparedness: money and time. Many small businesses can’t afford to have employees dedicated to information technology including cybersecurity, and the more sophisticated an anti-cyberattack system is, the more it costs. Owners who focus on getting and working with customers may keep putting off tasks such as ensuring their companies can deter or recover quickly from cyberattacks.
Their lower revenues also mean a cyberattack can be proportionately more expensive for a smaller business. The survey found that smaller companies had costs of $41,334 connected to their largest cyberattack. For companies with 250 or more workers, the costs were $81,322. But a larger revenue stream made it easier for larger businesses to absorb those costs.
Companies that track cyberattacks report the number of website invasions and computer hackings is continually growing. Symantec, which makes security software, counted more than a million attacks per day in 2015 against people who visited websites. Phishing attacks targeting employees, in which emails were sent with harmful links or documents, rose 55 percent.
The Hiscox survey questioned 1,000 companies, 70 percent of which had fewer than 250 employees. It was conducted in November and December.