More than half or 52% of SMEs in Hong Kong in a recent poll conducted by insurance firm Chubb believe they are less vulnerable to cyber incidents than their larger corporate counterparts, yet 71% of them admitted in the same survey that they have experienced a cyberattack in the last 12 months.
“This showed a significant perception gap in cyber awareness among Hong Kong SMEs and how well they are prepared to deal with it,” said Andrew Taylor, cyber underwriting manager, Chubb Asia Pacific.
The survey was done with the collaboration between Chubb and YouGov. Entitled “Too Small To Fail? Chubb SME Cyber Preparedness Survey”, 300 respondents from various industries had been polled, of which 77% of them are comprised of board-level executives.
According to Taylor, SMEs have unrealistic perception of their ability to manage a cyber issue.
“They are confident of their ability to overcome a cyber breach following a cyberattack,” he said. “65% believe they can contain a breach within 12 hours. What’s more, 59% believe a similar incident is less likely to occur in the future.”
The survey also revealed that majority of local SMEs put the responsibility for cybersecurity at the doorstep of the head of IT or CISO.
“”Cybersecurity should be everyone’s responsibility but led by someone at board level, who has the authority to effect change,” said Taylor.
He noted that some SMEs believe that they are too small to be targeted by cybercriminals or any internal issues will not greatly impact them.
“However, our own claims data highlights numerous small business compromises and ransomware events that are decimating the cash flow of small businesses,” Taylor said.
Meanwhile, the survey also uncovered a lack of understanding of cyber insurance with 49% of local SMES not fully understanding the insurance offerings available, while 53% have never purchased cyber insurance before.
“More than just paying claims, we strongly believe in helping clients reduce risk at the outset,” said Stanley Wong, country president for Chubb’s general insurance operations in Hong Kong, Taiwan and Macau. “Hence, we are committed to promote awareness of exposure to cyber losses, share our risk management expertise and encourage companies to invest in risk prevention.”
“Clients can avail themselves to our Incident Response Platform, which helps contain threats and limits potential damage to business, and most importantly learn from the incident,” he added.