- 67% of SMEs believe that large corporations are more at risk of cyberattacks than small businesses
- 41% believe that employees are neglecting their responsibilities around data protection
- 40% of businesses have experienced a breach of customer files in the past 12 months
A survey by Chubb of Small and Medium Enterprises (SMEs) in Malaysia has revealed a significant perception gap between the threat of cyber risks and how prepared SMEs are to deal with them. The Chubb SME Cyber Preparedness Report 2019– ‘Ignorance is Risk’ – reveals that 84% of the respondents in Malaysia were victims of cyber incidents in the past year. At the same time, 67% of SMEs incorrectly believe that large corporations are more at risk than SMEs.
“This is a worrying misconception,” according to Andrew Taylor, Cyber Underwriting Manager, Chubb Asia Pacific. “Particularly with the recent implementation of the National Cyber Crisis Management Plan by Malaysia’s National Cyber Security Agency to combat cyber threats. “Complacency leaves the door wide open for malicious attacks, future breaches and inadequate incident response,” says Taylor. “In fact, smaller companies face a larger degree of exposure to cyber risk owing to their size and resources, as well as the lack of capital to invest in cyber risk management tools.”
Man vs Machine – Where’s the Greatest Risk?
With nearly half (48%) of cyber incidents resulting from human and administrative error, it is unsurprising that more than one third (37%) of SME leaders in Malaysia say their employees’ poor understanding of potential cyber threats is challenging their ability to protect their business. Critically, 20% of SMEs believe employees are the weakest link in their cyber defence. While leaders recognise the importance of cyber training, 41% believe that employees are neglecting their responsibilities around data protection.
In the event of a major cyber incident, businesses indicated that customers (60%) followed by company profits and reputation (58%) would be most affected. Among Malaysian SMEs, customer records are the most commonly breached data – with 40% of businesses facing a breach of customer files in the past 12 months, followed by R&D data, IP data and financial performance data, all at 31%.
The Best Laid Plans?
Three out of five (61%) of Malaysia’s SMEs say they have a data breach response plan. However, there is a clear difference in cyber preparedness among SMEs of different sizes. 77% of SMEs with 100-249 employees have a data breach contingency plan compared with 53% in smaller SMEs with fewer than 50 employees.
Malaysian SMEs were faster to respond to cyber incidents than other markets surveyed, with 67% resuming operations within 12 hours of a cyber incident. Two-thirds (66%) indicated that everyone involved knew the proper protocol and crisis response went ahead as planned.
How Insurance Can Help
The survey further found that 70% of SMEs believe the insurance industry has an important role to play in helping businesses protect themselves against cyber risk. However, 60% also believe the industry is not moving fast enough to keep up with the rapidly evolving nature of cyber risk. “In Malaysia, it is concerning to see a high number of small businesses falling victim to cyber incidents coupled with a general lack of understanding and preparedness around the risks,” said Steve Crouch, Country President, Chubb Malaysia. “Worryingly it appears many Malaysian SMEs falsely believe that their general insurance policies cover cyber risk, when in fact it most likely does not. Given the large proportion of the economy that SMEs make up in the country, I believe this is a critical issue to address.”