Washington, DC – As Russia’s hacking of America’s electoral process continues dominating headlines, Democrats on the House Small Business Committee today examined solutions to tackle the alarming rise of cyberattacks on small businesses. In particular, the hearing examined the burgeoning cyber insurance industry, which can help small companies to prepare for and recover from cyberattacks.
“A hearing on protecting small firms from cyberattacks is particularly timely,” said Rep. Nydia M. Velázquez (D-NY), the top Democrat on the Committee. “If Russia was able to use cyberattacks to penetrate our democratic institutions, by comparison, a small business seems an easy target.”
While recent high-profile hackings in the private sector targeted large companies like Sony, Target and Anthem, small businesses also suffer from attacks on their cyber-vulnerabilities. Although they’ve gone relatively unnoticed, cyberattacks can come in many forms and targeting of small businesses is on the rise. Nearly 4 in 10 of all cyberattacks are focused on companies with fewer than 500 employees. To make matters worse, only 14 percent of small businesses say they have a plan for ensuring their data is secure.
“The Internet has undoubtedly transformed the way small businesses operate,” said Velázquez. “Unfortunately, for small business owners, when it comes to the health of their businesses, cyber hygiene often falls to the backburner.”
One solution to help small firms handle the risk of Internet attacks is cyber insurance. Operating similarly to business liability insurance, cyber insurance offers small firms protections against lost sales due to a cyber breach and even legal fees in the case of a lawsuit.
“The role of insurance is continuously increasing as consumers are now seeking industry feedback and risk insights,” said Erica Davis, Senior Vice President of Specialty Errors and Omissions at Zurich North America. “It has become more of a partnership, with businesses focusing on not just what happens post-breach and a loss being paid.”
A relatedly new and ever-growing industry, Democrats agree that cyber insurance is a powerful tool to protect small firms and ought to be accessible, tailored and affordable.
“In selecting a cybersecurity insurance policy, small businesses must be equipped to choose a tailored plan that helps to meet their needs,” said Velázquez. “Cybersecurity concerns – from Russia’s attack on our political institutions to criminal enterprises preying on small businesses– merit our attention now more than ever before.”
“The reality for small and middle-market companies is that the Internet has reached a fundamental, ‘utility’ type status, as it is now a required piece of infrastructure for almost any organization to be successful in our modern economy,” said Daimon Geopfert, Principal and National Leader of Security, Privacy, and Risk at RSM US LLP. “Small business are being forced to be become IT and cyber experts in addition to trying to establish, deliver, and expand their core services.”
One report found that only 28 percent of small businesses rely on Internet security policies, while just 35 percent provide security training to employees. In contrast to many large firms that have the resources to staff an Information Technology (IT) department, 86 percent of small firms lack IT personnel.
As the internet adapts and cyber attackers become more nuanced, Democrats stressed the urgency of this problem. By discussing ways to equip small businesses, the panelists provided insights into how Congress can best work with the private sector to empower small firms against belligerent cyber warfare.