Just 7 percent of small and midsize business owners say they will experience a cyber incident within the next 12 months, highlighting a lack of preparedness for cyber-related attacks, according to The Hanover Insurance Group Inc.’s 2023 Cyber Resiliency Report.

The research, conducted by The Harris Poll, found that 74 percent of small and midsize business decision-makers (defined as C-level executives at businesses with 3-249 employees) are confident in their ability to prevent cyber attacks effectively.

But those businesses do not have basic cybersecurity prevention measures in place.

Key findings uncovered in the research include:

  • Most small and midsize businesses have a level of cyber risk in their everyday operations, with 67 percent of businesses reporting they store business documents in a public cloud.
  • Nearly half (49 percent) of businesses have not conducted a business-wide cyber-risk assessment within the past 12 months, the report found.
  • Most small and midsize businesses do not have fundamental cybersecurity prevention measures in place, with 62 percent of businesses reporting they do not offer cybersecurity training for all employees.
  • Fifty percent of businesses reported they do not use multi-factor authentication, and 62 percent do not use endpoint protection for devices.
  • If a cyber breach occurs, the majority of small and midsize businesses are not prepared to respond; the report found 61 percent of businesses do not have an incident response plan and 81 percent of businesses do not have a post-breach response team.

“Amidst the digital landscape’s growing complexities, this new data unveils a stark truth: businesses are at a crossroads between acknowledging the looming cyber threat and taking meaningful actions. With a small percentage of business decision-makers thinking a cyber incident is ‘very likely,’ the difference between perception and reality is glaring,” said Eric Cernak, president of cyber at The Hanover.