The rapid advances in technology has certainly brought with it a myriad of benefits that not only increases productivity and efficiency, but also increases the bottom line and employee satisfaction. However, technology is a double-edged sword. Crime follows wealth; and now that wealth generation is being digitised, crime is following suite.
As such, cyber risks and attacks are now a very real issue that should not be taken lightly. According to the second annual Chubb SME Cyber Preparedness Report, Hong Kong based SMEs have been shown to have low confidence in their employee’s ability to manage a cyber risk.
76 per cent of SMEs surveyed by the report have reported a cyber incident in the past 12 months. Despite the high number of incidents, up to 50 per cent of SME leaders believe that their employees are not aware of the full scope of the dangers that are posed by cyber risks.
Many SME leaders have also found that there is no consistent understanding across their organisation of what cyber risk means. Up to 38 per cent of SME leaders expressed little confidence that their employees who have access to sensitive data are fully aware of their data privacy responsibilities.
“Building awareness among employees is more important than ever,” said Andrew Taylor, cyber underwriting manager, Chubb Asia-Pacific. “Employees are both the biggest risk and greatest opportunity for SMEs looking to improve their cyber defences. Being the organisation’s first line of defence, they can play a critical role in detecting and preventing breaches. Not investing in upskilling employees on cyber risk is a missed opportunity.”
Despite the increased risk of cyber incidents, Chubb’s report has found that the majority of SME’s concerns lie elsewhere. Revenue and sales, profitability, and market reputation still remained the key concerns of Hong Kong based SMEs; with only 11 per cent of companies that actively make the effort to recover breached data files.
“This apparent lack of concern is puzzling,” Taylor said. “It points to the over-confidence we found among SMEs in overcoming cyberattacks. However, this leaves the door wide open for malicious attacks, future breaches and inadequate incident response.”
There is some improvement however. Compared to 2018, Hong Kong SMEs were quicker in responding to cyber incidents compared to last year. 71 per cent of businesses resumed normal operations within 12 hours of a cyber-attack. 69 per cent of companies reached out to affected stakeholders within 72 hours of a cyber-attack; an increase of 7 per cent since 2018.
While awareness of cyber risk is increasing, Chubb noted that there is still a cyber insurance protection gap. 32 per cent of Hong Kong SMEs did not purchase cyber risk insurance before or after experiencing a cyber breach, while close to half do not fully understand the insurance solutions available to them.
“There is a misconception that smaller businesses face less cyber risk than larger companies, when in fact the opposite is true. A large cyber incident could spell the end of a small business and leave them open to significant third-party liabilities. With three quarters of SMEs experiencing a cyber incident in the past 12 months, there is an urgent need for all businesses to protect themselves,” said Stanley Wong, president of Chubb for Hong Kong, Taiwan, and Macau.