A significant perception gap exists between the cyber awareness and cyber preparedness at small and medium enterprises in some Asia-Pacific countries, according to a new Chubb survey.
Named “Too Small to Fail?”, the Chubb survey of 1,000 SMEs across Singapore, Hong Kong and Australia reveals that:
- Most respondents believe they are in a better position than their larger competitors to manage a cyber incident (63 percent in Singapore, 60 percent in Australia and 52 percent in Hong Kong); yet
- The majority of SMEs have experienced a cyber incident in the last 12 months (71 percent in Hong Kong, 60 percent in Australia, and 56 percent in Singapore); and
- The majority of cyber incidents resulted from internal factors such as system breakdowns and human error.
While many SMEs feel better prepared than larger companies to manage cyber incidents, smaller companies have a relatively larger exposure, as they face the same risks as larger businesses but do not have the same means to implement comprehensive protection, leaving significant risk uncovered, warned Chubb.
“The survey results are consistent across the three markets. Many SMEs believe they are too small to be targeted by cyber criminals or that any internal issues will not greatly impact them. In effect, they think they are ‘too small to fail,’” said Andrew Taylor, cyber underwriting manager, Chubb Asia Pacific.
“However, our own claims data highlights numerous small business compromises and ransomware events that are decimating the cash flow of small businesses,” he added.
The survey found that the top three cyber incidents for Asia-Pacific SMEs in the past 12 months were:
- Business interruption from system malfunction or technical fault;
- Data loss through a system malfunction or technical fault; and
- Business interruption or data loss through human error, such as a lost or stolen memory device or employees unintentionally exposing their company data to risk.
Are SMEs Overconfident?
The survey revealed that most SMEs are confident in their ability to overcome a breach following an attack, with Australia being the most confident at 87 percent, followed by Hong Kong at 77 percent and Singapore at 72 percent.
The majority of respondents believe they can contain a breach within 12 hours. However, this confidence contradicts other findings, including on average:
- 62 percent believe they are not aware of all the cyber threats they face.
- 28 percent of SMEs that experienced cyber incidents did not know which data files were affected.
“Perhaps the reason for these seemingly conflicting results lies in the fact there is disagreement on where the responsibility for cyber risk should rest,” said Taylor.
“Respondents to our survey in Singapore and Australia were fairly equally divided – with about the same number believing the head of IT or the CEO should hold this role,” he continued. “This is in stark contrast to the results of our survey in Hong Kong, where nearly double [of respondents] believe the head of IT rather than the CEO should be ultimately responsible.”
“Chubb’s view is that cyber security is everyone’s responsibility, but should be led by someone who has the authority to effect change, and this needs boardroom or business owner oversight,” he said.
Understanding Cyber Insurance
The survey also uncovered a lack of understanding of cyber insurance, with around 57 percent of SMEs in Singapore, Hong Kong and Australia not fully understanding the insurance solutions available, while 61 percent have never purchased cyber insurance.
“Clearly, there is a need for more education about the value of cyber insurance,” said Tim Stapleton, senior vice president, Cyber & Technology, Chubb Overseas General.
*A version of this story appeared previously in our sister publication Insurance Journal.