View this article online: https://www.insurancejournal.com/news/national/2018/10/01/503020.htm

Firms Using Connected Devices Not Worried About Increased Cyber Risk: Survey

Business that use artificial intelligence, drones, robotics, wearable sensors or other connective technologies can increase their chance of being a cyber attack victim because these technologies give cyber criminals new access points into a company’s IT infrastructure if not properly protected.

According to a new insurer survey 91 percent of business owners use one of these technologies, while 48 percent say they are unconcerned they will increase the likelihood of a cyber attack.

According to Nationwide’s fourth annual Business Owner Survey, while the number of self-reported cyber attacks against U.S. small and mid-sized businesses surveyed actually declined four percentage points, the number of business owners who say they are unconcerned with cyber attacks spiked by 18 percentage points to 40 percent in 2018.

Those “very unconcerned” grew nearly 50 percent (9 percent in 2017 vs. 17 percent in 2018).

In addition to the this lack of concern, 65 percent of business owners said they do not have a dedicated employee or vendor in place to monitor for cyber-attacks — an 8-percentage point increase from 2017.

Nationwide’s study surveyed 1,000 business owners with between 1 and 499 employees.

According to Karen Johnston, cyber consultant for Nationwide, cyber criminals are increasingly gaining access to business systems through connected technology. “Many business owners don’t realize that using drones or even smart devices makes their business more susceptible to cyber attacks – especially if they don’t take the proper precautions or put someone in charge of monitoring for attacks,” Johnston said.

“The scary fact we’re seeing is that business owners are becoming more apathetic towards their risk of cyber-attacks and therefore aren’t protecting themselves as well, even though the concern of cyber attacks against them is still very real.”

Business owners lack clarity on what a cyber-attack really is – which can make an attack more difficult to protect against. According to Nationwide’s study, only 9 percent said their business had been a cyber-attack victim when asked directly. Yet when given a list, 50 percent said their business experienced at least one type of harmful cyber activity. This points to a 41-percentage point awareness gap of what a cyber-attack is. Computer viruses (27 percent) and phishing attacks (25 percent) were the most frequently reported type of attack.

The survey also showed businesses are failing to implement cyber security best practices such as:

• Make backup copies of important business data and information: 84 percent of business owners acknowledge this is important but only 58 percent do it.
• Protect against viruses, spyware and other malicious code: 83 percent of business owners acknowledge this is important but only 60 percent do it.
• Secure networks: 81 percent of business owners acknowledge this is important but only 54 percent do it.
• Control physical access to computers and network components: 78 percent of business owners acknowledge this is important but only 56 percent do it.
• Establish security practices and policies to protect sensitive information: 76 percent of business owners acknowledge this is important but only 47 percent do it.
• Require employees to use strong passwords and to change them often: 76 percent of business owners acknowledge this is important but only 49 percent do it.
• Educate employees about cyber threats and hold them accountable: 72 percent of business owners acknowledge this is important but only 39 percent do it.
• Protect all pages on public-facing websites, not just the checkout and sign-up pages: 71 percent of business owners acknowledge this is important but only 38 percent do it.
• Create a mobile device action plan: 59 percent of business owners acknowledge this is important but only 27 percent do it.