Cybersecurity & The Role of Small Businesses

August 5, 2023


In the year of 2023, the hot topic is cybercrime. What is cybercrime, you ask? Cybercrime is essentially criminal activities that are carried out by means of a digital network or through a company’s computers/technology. Cybercrime harms a business’ security with the attempts to access personal data, financial information, or seize/corrupt sensitive documents, holding them ransom in exchange for a lofty fee. Cybercrime is, as the name suggests, a crime, but that doesn’t exactly stop cybercriminals from doing it. And who are the biggest targets of cybercrime? Small businesses.

It is predicted that by 2025, around 45% of organizations worldwide will have been impacted by cybercrime attacks in some way, shape, or form. Considering that number, you might think that small and medium businesses – the businesses most vulnerable – would be trying to up their cybersecurity and defend their networks against cybercrime. Unfortunately, that doesn’t seem to be the case as of 2023. In fact, small to medium-sized businesses have been rather slow on the uptake of implementing cyber security awareness programs in their businesses, leaving them even more vulnerable to potential cyber attack. In this article, we will address the stats on small businesses vs cybercrime, what that means for small-to-medium sized businesses, and how you can boost your business’ cyber security.

Statistics on small businesses versus cybercrime:

A rating from the Insurance Bureau of Canada at small companies concluded enterprises have been slow to adopt sufficient cybersecurity protocol and protect themselves against frequent and constantly evolving cyber attacks.

Some findings from this rating include:

  • The bureau noted that around only a third of companies have provided a “mandatory” security awareness program around cyber attack.
  • Under a quarter of respondents in the rating stated that their employer conducted fake phishing emails to encourage employee cyber vigilance.
  • 72% of employees in the rating stated that they had done something that would likely allow a cybercriminal to break into their company’s computer systems.
  • Half of respondents stated that their company uses multi-factor authentication.

The Insurance Bureau stated that these claims were “startling,” and that businesses are clearly not doing enough to protect themselves against the risk.

How many businesses in Canada are insured against cyber insurance?

According to a data survey from 2021 by the CIRA, roughly 6 in 10 Canadian organizations that house over 50 desktops in the workplace have cybersecurity coverage. Of those, 3 out of 10 have a cybersecurity-specific policy.

While cybersecurity insurance has become an increasingly helpful tool for managing cyber risk, the best course of action to protecting your business is always to prevent a risk before it happens. Moreover, with cyber attacks constantly evolving, it isn’t always clear on exactly how cyber insurance may help –  especially since attacks may evolve quicker than coverage does. Ransomware, phishing, malware attacks – all of these are common forms of criminals intruding on your computer systems, but cybercriminals are becoming increasingly sophisticated in the way these attacks appear.

Cyber security risk management for small businesses.

Cyber security risk management starts in the home, but the same cyber security protocol that would apply with your household should extend to the workplace – if not even more.

(Note, of course, that remote employees should implement cybersecurity risk management at home since an insecure home network is one of the easiest ways for cybercriminals to penetrate an organization’s system.)

Some tips for managing cybersecurity awareness and risk management at the workplace include:

  • Having employees partake in a cybersecurity awareness and training program.
  • Using multi-factor authentication for every account.
  • Using password management software and using unique passwords for each account.
  • Implementing scenario phishing training to heighten employee awareness of what a potential phishing scam might look like.
  • Back up data on cloud-based software.
  • Encrypt any important information or client data.
  • Implement policies to guide staff on how to handle cyber data.

Protecting your business’ workplace shouldn’t fall entirely to your business insurance. Business insurance can protect against cyber threats, but it absolutely should not be the only thing safeguarding your business against potential losses. Do your due diligence and ensure that your business is in the best place possible to be protected against cyber risk.

What does it mean for a small business to be vulnerable to cybercrime?

Cyber attacks on small firms can be devastating. You might think that small businesses would be less vulnerable to cyber attacks since their data might be “less enticing” to criminals, but it’s far from the truth. Larger enterprises and companies have strict cyber security protocol in place to defend themselves against attacks, and while their data might be more “tempting” to cyber criminals, their security is much stronger. The better option for many hackers and criminals is smaller, insecure enterprises, whose data might be much easier to access.

Cyber attacks can wreak havoc on small businesses, triggering legal fees, investigations, and forcing their products to be removed from supply chains (which can even damage larger businesses who might buy from the smaller companies.) Approximately 60% of small businesses shut down after facing a cyber attack. The costs are simply too much – whether those costs are to pay off a ransom, restore data, or pay off legal fees – and many businesses are forced to close.

A combination of cyber insurance and risk management is key

Alongside purchasing sufficient cyber insurance as an addition to an existing comprehensive business insurance policy to protect one’s organization from the threat of cyber attacks, small and medium-sized businesses must implement sufficient cyber risk management to protect themselves against potential attacks. Business leaders need to be thinking two-steps ahead when it comes to their business’ future, and in this age of tech, we never know where the threats might come from.

It’s better to be prepared. If your business isn’t insured against cyber attack, give us a call here at Excalibur Insurance to discuss getting the right coverage today.