In the past 12 months, more than two-thirds (68%) of Small and Medium-sized Enterprises (SMEs) in Australia, Hong Kong, Singapore and Malaysia have experienced a cyber incident. Amid a rising digital economy globally, the number of businesses affected will only increase.
Despite this, many SMEs in the markets studied remain unconcerned by this clear and present danger to their business, choosing to gamble their business on what is – at best – a 50:50 chance of being involved in a cyber incident. The odds are only half the story here though.
At the core of our survey results this year is that SMEs remain ignorant when it comes to cyber risk and are risking it all by not investing in improving their defences. A disconnect between perceived and actual risk was apparent in our 2018 report, and it continues to persist in 2019.
On one hand, 81% of SMEs are confident that they are sufficiently prepared to overcome a surprise attack by sophisticated hackers or cyber criminals.
On the other, more than half (55%) of SMEs concede they are not aware of all the cyber threats they face. 41% also agree that there isn’t a consistent understanding of what cyber risk means for their organisation.
On average, 23% of SME leaders say the biggest challenge in protecting the organisation against a cyber incident is their employees. This is just one of the several data points in the survey suggesting that employees are widely regarded as the weakest link in managing cyber risks. Almost half (48%) of respondents are not confident that employees with access to sensitive data are fully aware of their data privacy responsibilities.
These findings, based on the Chubb SME Cyber Preparedness Report 2019: Ignorance is Risk, suggest that there is a gap between the perceived and actual cyber preparedness of SMEs in the region. With SMEs making up majority of the regional and global economy, more needs to be done to raise the level of cyber risk management. Awareness and education of all stakeholders involved may just be the key.