Despite the numerous counts of headlines reporting data breach, employees are not being encouraged or given the support they need by employers to take a proactive step in defending their system against cyber threats.

The Chubb’s Third Annual Cyber Report reveals that the key in preventing cyberattacks for small businesses is employee education. The objective of this report is to assess the level of knowledge employees have about their cyber risks and what steps they have taken to protect themselves.

Complacency is found to be one of the detrimental consequences for small businesses with limited resources, which can lead small businesses to be exposed to a higher chance of going out of business after a cyberattack. The best way to defend themselves is by making sure employees are aware of cyber threats.

“When it comes to your cybersecurity, there’s no such thing as being over-prepared. While it’s important that the vast majority of respondents remain concerned about a breach, concern itself isn’t enough. Individuals often say their lack of cybersecurity action is because it seems too time-consuming in the moment. But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur”, Fran O’ Brien, Division President of Chubb North America Personal Risk Services, emphasised in the press release for the report. 43% of cyberattacks are targeted towards small businesses, hence, if you are a small business and a valued target, a breach is very likely to happen sooner or later.

2019 Cybersecurity Risk Statistics

The study shows that despite 70% of the respondents reviewing their company’s cybersecurity practices as “excellent” or “good”, but only 31% of these employees receive annual company-wide training or updates from their employer. The trainings they received has to be from a reliable source as the survey also says more than a third are learning cybersecurity through mainstream media (35%) and family and friends (34%). Only 19% reported that they learned about cybersecurity protection through their employer, meaning that most of the employees lack the necessary skills required to protect their business, resulting in employees not being able to identify a cyber-attack when it is taking place.

Identifying Attacks

Ransomware is the one common form of attack the participants defined correctly at 54%. However it goes down from there as the majority of the participants couldn’t identify credential stuffing (59%), Emotet (72%), and Ryuk (74%).

What’s even worst is these types of attacks are just the tip of the iceberg. It is impossible for your staff to know everything unless your company specialises in cybersecurity.

The key is to teach your employees so they can have a general understanding of these common attacks.
Strict governance coupled with mandatory annual training can bring your employees up to speed. Check Condition Zebra list of training here