Contact Us

Continuity Insights Management Conference

Businesses Lack Protection, Recovery Plans Against Cyber Attacks

Only 7% of small to mid-sized businesses think it’s very likely that they will experience a cyber incident in the next 12 months.

A new report from The Hanover Insurance Group, Inc. highlights a lack of preparedness by businesses for cyber-related attacks.

Cyber Attacks
(Source: Adobe Stock / Amgun)

The 2023 Cyber Resiliency Report reveals that 74% of small and mid-sized business decision-makers (defined as C-level executives at businesses with 3-249 employees) are confident in their ability to prevent cyberattacks effectively. Alarmingly, most businesses do not have basic cybersecurity prevention measures in place. The research affirmed the important role independent insurance agents play as experienced advisers, offering risk management tips and access to services to help business owners and operators protect their operations and maximize the benefits of their cyber insurance programs.

Key findings uncovered in the research include:

  • Most small and mid-sized businesses have a level of cyber risk in their everyday operations
    • 67% of businesses store business documents in a public cloud
    • Nearly half (49%) of businesses have not conducted a business-wide cyber risk assessment within the past 12 months
  • Most small and mid-sized businesses do not have fundamental cybersecurity prevention measures in place
    • 62% of businesses do not offer cybersecurity training for all employees
    • 50% of businesses do not use multi-factor authentication
    • 62% of businesses do not use endpoint protection for devices
  • If a cyber breach occurs, the majority of small and mid-sized businesses are not prepared to respond
    • 61% of businesses do not have an incident response plan
    • 81% of businesses do not have a post-breach response team
Eric Cernak, President of Cyber, The Hanover

“Amidst the digital landscape’s growing complexities, this new data unveils a stark truth: businesses are at a crossroads between acknowledging the looming cyber threat and taking meaningful actions. With a small percentage of business decision-makers thinking a cyber incident is ‘very likely,’ the difference between perception and reality is glaring,” said Eric Cernak, president of cyber at The Hanover. “This creates an opportunity for independent agents to talk with their customers about the importance of proactively managing cyber risk and leveraging cybersecurity services, like those offered through The Hanover’s CyberSecure Program™, to help prevent losses.”

The research also affirmed the role independent insurance agents can play as experienced advisers, offering risk management tips and services to help business leaders protect their operations and maximize the benefits of their cyber insurance programs. The Hanover’s CyberSecure Program™ offers policyholders access to a curated set of solutions, making it easy for policyholders to leverage these services to address cybersecurity gaps and help prevent cyber losses. Offered through vetted industry partners, the services are offered at no charge or at a discount.

Click here to read the full results from the 2023 Cyber Resiliency Report.

Read more about cybersecurity and business continuity issues from Continuity Insights.

Continuity Insights

Similar Articles

The Cornerstone Of A Control-Based Resilience Program

BCI board member Scott Baldwin will discuss control-based resilience programs at the Continuity Insights 2024 Management Conference.

Natural Hazard Mitigation

NIBS, Fannie Mae Release Disaster Mitigation Roadmap

The Resilience Incentivization Roadmap was unveiled at the National Institute of Building Sciences’ annual meeting in Washington, DC.

Disaster Resilience Month: FEMA Highlights Hazard Mitigation Projects 

During August, FEMA will highlight hazard mitigation projects across the nation, and plans to announce additional climate resilience funding.

Leave a Comment

Share to...