Cyber Threat Awareness Has Risen

Cyber Threat Awareness Is on the Rise, But Unique Challenges Slow Preparedness

The year 2017 demonstrated a marked increase in awareness regarding the importance of cyber-security amongst small and medium sized enterprise (SME) owners; however, many of these businesses are still not prepared to face the consequences of a cyber-attack.

According to data stated in the Allianz Risk Barometer 2018 Report for medium-sized companies, cyber incidents now ranks as the top risk for the first time (39% of responses), while for small-sized companies, cyber incidents ranks as the 2nd major business risk (30% of responses).

Cyber security awareness is rising due to highly publicized data breaches and phishing attacks that have severely impacted the reputations of many large corporations. However, despite the increased awareness, people still don’t think it will happen to them or that their data is important enough to hack.

The truth is that hackers cast a wide net and don’t care who the victims are.  They just want to exploit the need for data to get ransom money.  Or worse, hackers can damage a business’s reputation, block or eliminate access to data and/or even bankrupt a business.

2017 saw more attacks, causing more financial distress to SMEs

As more data becomes available on the impact cyber-attacks have on SMEs, the potential for catastrophic financial losses has been documented. Research shows that, in 2017, the average cost of a data breach in North America was $117,000 for SMEs, while other studies have revealed that hackers have breached over 50% of small businesses.

“The jump that cyber incidents have taken in the past year – from 3rd to 1st for medium-sized companies and from 6th to 2nd for small-sized companies – is significant and reflects an uptick in the attention paid to data breaches both by SME companies and their insurance brokers,” says Vinko Markovina, Global Head of MidCorp, AGCS. “Awareness is growing, as the Risk Barometer results show, but many SMEs still underestimate their exposure and are not prepared for, or are able to respond to, an incident. This can be a fatal mistake.”

While the increased level of awareness amongst SME owners is an improvement, these businesses still face a unique set of challenges preventing them from achieving a level of preparedness to face a cyber-attack. Many do not have enough money to afford their own IT departments or access to the knowledge and resources required to protect themselves against evolving threats. Businesses of this size are particularly susceptible to phishing attacks.

SMEs need to take a far more proactive stance

The best defense a SME business has is to retain the services of a reputable IT provider capable of supplying them with the most efficient equipment and level of service necessary to prepare for an attack. Not only is this the most economical option for businesses that cannot afford to employ their own IT staff, it delivers the ability to retain the highest level of protection available. The right outsourced IT provider can supply all the knowledge and resources necessary to proactively plan for a cyber-attack and effectively minimize losses.

You and your IT provider can work together towards taking measures to achieve preparedness. These include:

  • Review your hack preparedness and post-attack plans.
  • If you don’t have one you can download one here.
  • Make sure you have good backups and test them on a quarterly basis.
  • Perform both an external and internal penetration test.
  • Phish your own employees to learn who needs more training on how to avoid falling victim to these types of attacks.
  • If you have an IT provider or in-house team, bring in a 3rd party to audit their security work.  Alternatively, bring in a security firm who could complement standard IT, working in tandem for preventative measures.


Reduce the overall risk of financial loss and irrecoverable reputation damage by hiring an outsourced provider to handle all aspects of your SME business’s cyber-security strategy, including delivering training for employees on how to spot and avoid phishing scams.