Are SMEs over confident about their ability to manage cyber risk?

Small Medium Enterprises (SMEs) in Hong Kong believe that they are less vulnerable to cyber risks than their larger competitors. According to Chubb's SME Cyber Preparedness Report “Too Small to Fail?”, 52% of the 300 respondents agreed with that statement. They also think that they can overcome cyber breaches quickly and easily, with more than half (65%) believing that they can contain a breach within 12 hours.

However, nothing could be further from the truth.

• More than half (71%) experienced a cyber error or attack in the past 12 months.
• When probed, 45% of respondents are not confident that all their employees who have access to sensitive data are fully aware of their data privacy responsibilities.
• 52% believe they are not aware of all the cyber threats they face.

While SMEs may be at risk of external cyber attacks, our research shows that the majority of the cyber incidents are actually caused by internal factors. The top three incidents are business interruption or data loss through human error, system malfunction or technical fault.

Following a cyber incident:

• SMEs react differently with 46% stating that they increased their security, 36% notified affected parties, and 13% took no action at all.
• Their key concerns were relationship with customers (64%), profits (60%), cost of incident (60%) and public reputation (61%).

These statistics lead us to believe that there is a significant gap between the hard reality of cyber risk and how well small companies are prepared to deal with it. SMEs face a far bigger risk exposure as they face many of the same threats as larger companies do, yet most do not have the means to make as much investment required to implement comprehensive protection, or to recover from an attack.