Although traditionally the “back to school” is a concept used for the little ones, the reality is that this time of year is also increasingly decisive in companies, which take the opportunity to catch up and better face the last stretch of the year. This “updating” is especially important in the cybersecurity of small and medium-sized companies, especially if we take into account that cybernew SMEs are nine times more attacked than cyberexperts.
On average, cybernewbies received 28 cyberattacks in 2021, compared to three of the cyberexpert companiesas concluded in Cyber Readiness Report 2022 of Hiscox, an insurance company that offers innovative and specialized products for businesses and professionals in the Spanish market.
Being ‘cyber-expert’ translates into having the ability to respond quickly and effectively to a cyber-attack to guarantee the resilience of the business and, in order to verify which companies meet these characteristics, the insurer analyzes in its report the degree of maturity of the companies in terms of of cybersecurity. For this, the response of companies in the field of people, processes and technology has been studied, taking into account variables such as business resilience, passwords and cryptography, identities and access, security events and information, threats and vulnerabilities and trust.
Thus, it is determined that in Spain only 2% of small and medium businesses They are considered cyber experts, 34% are cyber novices and the other 64% are cyber intermediates. This inability to face the challenges posed by cybersecurity has a direct impact on the evolution of the business, since one in four cybernovice SMEs has lost customers as a result of a cyberattack, something that has not happened to any of the cyberexpert SMEs victims of a cyber incident.
This lack of preparation also has a direct influence on the recovery times for normal business activity after a cyber attack, since in the case of cyber experts all recover in less than a week, but in the case of cyber novices only 67% take less than a week and, in fact, 17% take more than three months to return to activity with absolute normality.
Risk perception
The difference between the cybersecurity knowledge of one and the other is also evident in their perception of risk. While 70% of Spanish cybernovice SMEs believe that the cyber risk of their organization remains the same and only 18% believe that it has grown, in the case of cyberexperts 50% consider that the risk is greater.
This ability to be aware of cyber risk, in turn, is reflected in the way in which SMEs distribute their annual budget, since while cyber newbies allocate 22.7% of their IT budget to cybersecurity, in the In the case of cyberexperts, this percentage rises to 26%.
Therefore, it is necessary that in this new school year the small and medium cybernew companies update your knowledge and learn the keys applied by experts in this field, such as increasing investment in cybersecurity, identifying its main vulnerabilities to address them, contemplating contracting a cyber policy or appointing a specific person in charge of supervising the company’s cyber strategy.
“In a context of increasing vulnerability of companies in terms of cybersecurity, the lack of preparation of Spanish SMEs is worrying, most of which have few tools to deal with a possible cyber incident, which could leave them out of the game. if you don’t act quickly. At Hiscox, we not only work to offer them the support of cyber insurance that allows them to outsource part of their risk, but we also focus on training to allow them to acquire the necessary knowledge to become experts and respond effectively to cybersecurity threats. ”, explains Nerea de la Fuente, Director of Underwriting at Hiscox Spain.
