Phishing emails are becoming a serious problem for small businesses, leading to costly class action lawsuits. As cyber threats grow more sophisticated, attackers are finding ways to exploit weaknesses in companies of all sizes. Phishing remains the most common way for hackers to gain access, and it is costing small and medium-sized enterprises (SMEs) dearly. According to IBM’s 2023 Cost of a Data Breach Report, businesses with fewer than 500 employees face an average breach cost of $3.31 million, marking a 13.4% increase from the previous year.
Patricia Kocsondy, who leads global cyber digital risks at Beazley, emphasizes that the biggest challenge is not just the frequency of attacks but the infrastructure vulnerabilities. She points out that small companies are now facing the same risks that used to primarily affect larger organizations. Many of these breaches occur because employees click on malicious links in emails, highlighting a significant gap in awareness and training among small business staff.
The consequences of these breaches are escalating. Kocsondy notes that even minor breaches are leading to class action lawsuits against small firms. The risk can extend beyond a company’s direct operations; if a key supplier is targeted, the fallout can impact their clients as well. Over half of the claims Beazley sees arise from third-party risks, where a breach in one company affects others in the supply chain.
Despite the increasing threat, many small businesses remain unaware of the risks they face and the actions they can take. Kocsondy believes that training employees to recognize phishing attempts could significantly improve cybersecurity defenses. Phishing often leads to more severe issues like ransomware attacks and regulatory penalties, making it crucial for companies to address this risk.
In today’s fast-paced digital landscape, Kocsondy argues that cyber insurance is more than just a safety net; it should be viewed as a critical part of a company’s infrastructure. Small businesses often lack the IT resources to respond effectively to cyber incidents. Cyber insurance can provide essential support, including real-time alerts and guidance on how to handle breaches. For many small businesses, a single cyberattack can threaten their very existence.
The cost of recovering from a breach can be overwhelming, especially given the tight policy limits many insurers impose. Kocsondy stresses the importance of efficient incident response to avoid out-of-pocket expenses. The global regulatory environment adds to the complexity, with different requirements across regions making recovery even more challenging.
Access to cyber insurance is a significant hurdle for many SMEs. Kocsondy points out that many small businesses do not have the budget to invest in their cybersecurity. Worse still, many do not even know that cyber insurance exists, leaving them vulnerable to attacks. This knowledge gap can be the difference between a successful recovery and a complete business collapse.
As cyber threats continue to evolve, Kocsondy warns that resilience is no longer optional. The risks are growing and becoming more unpredictable. Small businesses must take proactive steps to protect themselves, as the landscape of cyber threats is only becoming more complicated.