Business Owners’ Increased Use of Technology Creates New Gateways for Cyber-Criminals

woman in office talking on cell phone

While the use of connected technology has given business owners a whole new way of serving their customers, there are also some inherent cybersecurity risks.

Connected technologies like artificial intelligence, drones, robotics or wearable sensors have the potential to be game-changers. But business owners beware, connected technologies also increase the chances of a cyberattack because they give cyber-criminals new access points if not properly protected. Research shows that 91 percent of business owners use one of these technologies, but 48 percent are unconcerned they will increase the likelihood of a cyber-attack.

According to Nationwide’s fourth annual Business Owner Survey, while the number of self-reported cyber-attacks against the U.S. small and mid-sized businesses surveyed declined four percentage points year-over-year1, the number of business owners who are unconcerned with cyber-attacks spiked, with an 18 percentage point year-over-year difference (22 percent unconcerned in 2017 vs. 40 percent unconcerned in 2018) – and those “very unconcerned” grew nearly 50 percent (9 percent in 2017 vs. 17 percent in 2018). Alongside this lack of concern, 65 percent of business owners do not have a dedicated employee or vendor in place to monitor for cyber-attacks — an eight percentage point increase from 2017.

Cyber-criminals are increasingly gaining access to businesses’ systems through connected technology. Many business owners don’t realize that using drones or even smart devices makes their business more vulnerable to cyber-attacks. Business owners are becoming more apathetic towards their risk of cyber-attacks and therefore aren’t protecting themselves as well, even though the concern of cyber-attacks against them is still very real.

Business owners lack clarity on what a cyber-attack really is – which can make an attack more difficult to protect against. According to Nationwide’s study, which surveyed 1,000 business owners with between 1-499 employees, only 9 percent said their business had been a cyber-attack victim when asked directly. Yet when given a list, 50 percent said their business experienced at least one type of harmful cyber activity. This points to a 41-percentage point awareness gap of what a cyber-attack is. Computer viruses (27 percent) and phishing attacks (25 percent) were the most frequently reported type of attack.

Business owners also report more than a 20 percentage point gap across the board in the U.S. Small Business Administration’s cybersecurity best practices that they say are important versus those that they implement. For example:

  • Make backup copies of important business data and information: 84 percent of business owners acknowledge this is important but only 58 percent do it.
  • Protect against viruses, spyware and other malicious code: 83 percent of business owners acknowledge this is important but only 60 percent do it.
  • Secure networks: 81 percent of business owners acknowledge this is important but only 54 percent do it.
  • Control physical access to computers and network components: 78 percent of business owners acknowledge this is important but only 56 percent do
  • Establish security practices and policies to protect sensitive information: 76 percent of business owners acknowledge this is important but only 47 percent do it.
  • Require employees to use strong passwords and to change them often: 76 percent of business owners acknowledge this is important but only 49 percent do
  • Educate employees about cyber threats and hold them accountable: 72 percent of business owners acknowledge this is important but only 39 percent do it.
  • Protect all pages on public-facing websites, not just the checkout and sign-up pages: 71 percent of business owners acknowledge this is important but only 38 percent do
  • Employ best practices on payment cards: 71 percent of business owners acknowledge this is important but only 46 percent do it.
  • Create a mobile device action plan: 59 percent of business owners acknowledge this is important but only 27 percent do it.

For more information, visit Nationwide’s Business Solutions Center.

Methodology
Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey between April 9-20, 2018, among a sample of 1,000 U.S. business owners. Business owners are defined as having between 1-499 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-3 percent at the 95 percent confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines

 

1 *Note: year-over-year statistics only compare responses from business owners who have 1-299 employees to ensure a direct comparison with the survey’s 2017 sample demographic.