Small, Medium Businesses Fear Loss of Customer Data, Reputational Damage From Cyber Attack

December 21, 2015

Small and medium-sized enterprises (SMEs) around the world are making greater use of the internet and are therefore becoming more exposed to potential cyber risks threats. Zurich’s survey reveals: SMEs’ greatest fear is loss of customer data and damage to their reputation resulting from a cyber-attack. However, many still believe they are too small to be at risk.

The survey, which polled 3000 C-suite executives and managers at SMEs across 15 countries in EMEA, the Americas and Asia-Pacific, revealed that in 2015 SMEs’ concern over cybercrime has doubled to eight percent from four percent in 2013. SMEs in Malaysia (which ranked the risk as fifth), Turkey (ranked sixth) and the U.S. (ranked sixth), are most worried about cyber attacks.

From a list of nine potential threats resulting from cybercrime, SMEs globally rate theft of customer data as the most critical risk of cybercrime (28 percent), while damage to reputation following a cyber-attack ranked second (16 percent).

One in six (17 percent) SMEs still consider themselves to be too insignificant to attract the attention of cyber criminals. Zurich does not share this view since hackers are not only looking at the size of the potential gain, but also at the ease of committing the crime.

“The results of this year’s SME survey, as well as the Advisen Cyber Survey findings reveal that demand for cyber insurance is growing significantly around the globe,” said Lori Bailey, global head of Special Lines. “However, there is still a misconception among some SMEs that they will not be affected by this pervasive issue. We at Zurich are continuing to invest in identifying risks and delivering solutions to meet the expectations of our customers, irrespective of the size of their business.”

SMEs in many parts of the world see new sales channels (e.g., online trading) as one of the key opportunities for growth (top two in Austria, top three in the U.S. and Turkey, top four in Portugal and UAE, top five in Brazil and Hong Kong), but surprisingly they are not worried about technological vulnerabilities and cybercrime.

Other findings of the survey are as follows:

  • The global survey once again revealed significant regional differences, with SMEs in Europe (11 percent) and the U.S. (10 percent) far less worried about the potential impact on their reputation compared to those in APAC (31 percent), LatAm (19 percent) and MEA (18 percent).
  • Business disruption following a cyberattack is of particularly high concern in Europe (ranked second) compared to LatAm (ranked 10th) and globally (ranked 5th).
  • The number of SMEs that claim they have cyber protection in place is twice as high in LatAm (12 percent) and APAC (10 percent) compared to MEA and the U.S. (five percent in each).
  • Theft of money/savings has made it into the top three of the biggest cyber risks in Turkey, Austria and the U.S.

Zurich recently published the results of its fifth annual Advisen Cyber Survey of U.S.-based risk managers, which revealed a growing interest in increased limits and security breach response plans and showed that greater attention is being paid to emerging risks from new technologies.

According to the survey’s results, the overall upward trend of organizations purchasing cyber liability insurance has accelerated in 2015, up nine percentage points over 2014. Since the first survey in 2011, there has been a 26 percentage point increase in the number of business respondents with cyber liability coverage.

Source: Zurich