Attacks/Breaches
7/18/2012
03:07 PM
Dark Reading
Products and Releases

One In 10 SMEs Have Suffered From A Data Hack

Only 25% are very confident in their security measures

Research by Hiscox, specialists in small business insurance [http://www.hiscox.co.uk/business-insurance], has found that one in ten (10%)* small businesses in the UK have experienced a data hack. The research also revealed that 90% don't have a cyber crime insurance policy in place to protect them against the financial, business interruption and legal costs they would incur should they be struck by cyber crime.

Hiscox found that while four in ten (41%) SME owners are concerned about their computer systems being hacked, only 25% are very confident about the security measures their company has in place to protect against these risks. The research also shows that small business owners are more concerned about risks relating to cyber crime, such as being hacked (39%) or phishing (36%), than they are of physical items (laptops, customer paperwork) being stolen from the office (31%).

Hiscox SME insurance expert, Alan Thomas, comments: "Cyber crime is costing the UK economy around GBP11bn a year** and while the media is reporting a growing number of high profile data breaches, some small businesses may also be a popular target for hackers because their systems are usually easier to get into and the breach may not be found out for a good few weeks."

"We know that cyber crime insurance policies might be the last thing on an entrepreneur's mind when they are trying to drive their business forward on a day to day basis, but it is worrying that over one in ten (13%) of these businesses don't know what security measures they have in place and if they are protected from online crime", Thomas says. "It is increasingly important for small companies to evaluate all the risks their businesses face, both online and offline, and include their IT security and protection requirements in the overall contingency strategy."

Hiscox offers the following security tips to help SMEs protect themselves against online risks:

- Running an enterprise is a full-time activity and if you do not have online technical expertise, seeking professional advice on security can save you time and hassle in the long run by ensuring the security measures cover your business needs
- Protect information with an internal 'need-to-know' policy. If storing information on a central file server, manage who has access to these files. This can help prevent accidental or deliberate data loss
- Encrypt important information for extra security so that only authorised users will be able to access it
- Using the internet and email to conduct business means that data loss becomes a bigger risk. Develop a clear email policy and raise online security awareness with employees and follow up on suspicious emails even if they're a one-off
- Make it protocol across the business for employees to use numbers and letters in passwords that provide much more robust protection from online criminals. If you are handling client data, you will need to ensure you possess a professional indemnity insurance [http://www.hiscox.co.uk/business-insurance/professional-indemnity-insurance] policy.
- Back up your files and check your insurance cover so that you can get your business up and running again quickly in the event of an incident
- Items like laptops and computer monitors are common targets for thieves and the real cost of a stolen IT asset isn't just the hardware; it's the lost data and the lost productivity. Lock servers in a room and move laptops into a secure drawer at the end of a working day.

Notes to editors

* The Survey Shop interviewed a sample of 300 UK SMEs drawn at random from online panels of small businesses with fewer than ten employees between 14 and 17th May 2012. The respondents were qualified as owners, partners and directors. The research has statistical accuracy of +/- 2% to +/- 4% for the whole sample at 95% confidence.

** A Ministry of Defence-initiated report [http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf] (PDF) containing the GBP11.6bn estimate (all figures converted from dollars) was prepared in June 2012.

About Hiscox

Hiscox, headquartered in Bermuda, is an international specialist insurance group listed on the London Stock Exchange (LSE:HSX). There are three main underwriting parts of the Group - Hiscox London Market, Hiscox UK and Europe and Hiscox International. Hiscox London Market underwrites mainly internationally traded business in the London Market - generally large or complex business which needs to be shared with other insurers or needs the international licences of Lloyd's. Hiscox UK and Hiscox Europe offer a range of specialist insurance for professionals and business customers, as well as high net worth individuals. Hiscox International includes operations in Bermuda, Guernsey and USA.

For further information, visit http://www.hiscox.com.
