The risks posed by cyber-crime are a fast-growing concern for small and medium-sized enterprises (SMEs), according to Zurich Insurance Group’s fourth annual global SME survey.
The survey, which polled 2,600 C-suite executives and managers at SMEs across 13 countries in Europe, the Americas and Asia Pacific, revealed that theft of customer data (27%) and reputational damage (20%) are the consequences of cyber-crime impacts they fear the most.
Additional risks such as theft of money/savings (15%), business disruption (15%) and malicious identity appropriation (12%) are seen as potentially being the most harmful consequences of cyber-crime.
The two fastest-growing cyber-crime concerns were reputational damage and theft of money/savings. Both rose 4% each, to 20% and 15%, respectively, compared with the results of the 2015 survey.
SMEs’ confidence in IT systems and cyber-crime protection have weakened. The percentage of SMEs that view their business as sufficiently protected by up-to-date software fell to less than 5% from 8% in the past survey.
Lori Bailey, global head of special lines at Zurich, commented: “With the number of high profile cyber security breaches in the media over the last year, it is not surprising that the risk awareness amongst SMEs has grown significantly, yet alarming that the vast majority of SMEs do not have the appropriate cybercrime protection measures in place.”
Bailey said the dramatic technological transformations that are happening to enterprises, infrastructures and systems globally are resetting the traditional expectations of risk management and its approaches across companies of all sizes.
European SMEs’ fears reflect global trends
The latest survey also revealed significant regional differences in attitudes to cyber-crime risks and their impacts.
In Europe, the potential harm to reputation as a consequence of a cyber-attack as the main worry has risen to third place on the list of concerns, up from sixth in 2015.
A total of 16% of European SMEs identified this as a concern. Their leading concerns are theft of customer data and reputation damage (26% and 16% respectively), in line with the global trend.
In addition, 17% of SMEs in Europe are also worried about business disruption that could result from a cyber-attack.
U.S. businesses most concerned about cyber theft
Cyber theft of information and earnings dominated US SMEs’ concerns. Small companies in particular dread the theft of customer data (23%), and money/savings (21%), according to the survey.
While concerns over reputation damage as a result of cyber-crime increased from 10% to 15%, of the regions surveyed, SMEs in the US still remain the least concerned about this issue. At the same time, worries over malicious use of identity dropped from 16% to 12% year-on-year.
SMEs in Latin America lack awareness about cyber risk
In keeping with global trends, concerns about reputational damage related to cyber-crime are on the rise in Latin America, up to 23% from 19% in 2015.
Interestingly, the survey revealed that the fastest-growing concern in that region is related to the potential risk of third-party lawsuits related to cyber-crime, which tripled year-on-year (6% in 2016 vs 2% in 2015).
One reason for concern is that 6% of enterprises still believe they have fully-functioning cyber protection measures in place, but the percentage of those that think this way nearly halved compared with 2016.
The survey found that 10% of Latin American SMEs haven’t thought about cyber risk and currently have no opinion on it.
Cyber-crime awareness on the rise in APAC
SMEs in the Asia Pacific region (APAC) are the most worried about potential reputational damage – 32% named it as the main potential risk to their business related to cyber-crime.
In 2016, 10% of SMEs in the region believed they were too small to become a target of a hacker attack. But those SMEs thinking this way have more than halved compared to 23% in 2015.