Using connected technologies like artificial intelligence (AI), drones, robotics, or wearable sensors can increase the likelihood of a business becoming the victim of a cyber attack. This is because these technologies give cyber-criminals new access points into a company’s IT infrastructure if not properly protected. In a recent survey conducted by insurance and financial services firm Nationwide, it was found that 91% of business owner respondents use one of these technologies — and 48% are unconcerned these will increase the likelihood of a cyber attack.
According to Nationwide’s fourth annual Business Owner Survey, while the number of self-reported cyber-attacks against the U.S. small and mid-sized businesses surveyed declined four percentage points year-over-year¹, the number of business owners who are unconcerned with cyber-attacks spiked, with an 18 percentage point year-over-year difference (22% unconcerned in 2017 vs. 40% unconcerned in 2018) — and those “very unconcerned” grew nearly 50% (9%t in 2017 vs. 17% in 2018). Alongside this lack of concern, 65% of business owners do not have a dedicated employee or vendor in place to monitor for cyber-attacks — an 8-percentage point increase from 2017.
“Cyber-criminals are increasingly gaining access to businesses’ systems through connected technology,” said Karen Johnston, expert cyber consultant for Nationwide. “Many business owners don’t realize that using drones or even smart devices makes their business more susceptible to cyber-attacks — especially if they don’t take the proper precautions or put someone in charge of monitoring for attacks. The scary fact we’re seeing is that business owners are becoming more apathetic towards their risk of cyber-attacks and therefore aren’t protecting themselves as well, even though the concern of cyber-attacks against them is still very real.”
Business owners lack clarity on what a cyber-attack really is — which can make an attack more difficult to protect against. According to Nationwide’s study, which surveyed 1,000 business owners with between 1-499 employees, only 9% said their business had been a cyber-attack victim when asked directly. Yet when given a list, 50% said their business experienced at least one type of harmful cyber activity. This points to a 41-percentage point awareness gap of what a cyber-attack is. Computer viruses (27%) and phishing attacks (25%) were the most frequently reported type of attack. Nationwide’s Business Solutions Center provides further insight for business owners.
Business owners also report more than a 20 percentage point gap across the board in the U.S. Small Business Administration‘s cybersecurity 10 best practices that they say are important versus those that they actually implement. For
- Make backup copies of important business data and information: 84% of business owners acknowledge this is important but only 58% do it.
- Protect against viruses, spyware and other malicious code: 83% of business owners acknowledge this is important but only 60% do it.
- Secure networks: 81% of business owners acknowledge this is important but only 54% do it.
- Control physical access to computers and network components: 78% of business owners acknowledge this is important but only 56% do it.
- Establish security practices and policies to protect sensitive information: 76% of business owners acknowledge this is important but only 47% do it.
- Require employees to use strong passwords and to change them often: 76%t of business owners acknowledge this is important but only 49% do it.
- Educate employees about cyber threats and hold them accountable: 72% of business owners acknowledge this is important but only 39% do it.
- Protect all pages on public-facing websites, not just the checkout and sign-up pages: 71% of business owners acknowledge this is important but only 38% do it.
- Employ best practices on payment cards: 71% of business owners acknowledge this is important but only 46% do it.
- Create a mobile device action plan: 59% of business owners acknowledge this is important but only 27% do it.
Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey between April 9-20, 2018, among a sample of 1,000 U.S. business owners. Business owners are defined as having between 1-499 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-3 percent at the 95% confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.