Resource Center

Responding To A Cyber Attack

Hannah Allred
Jul 3, 2018 12:02:39 PM

New insurance research conducted by insurance company, Hiscox found that nearly half of all US small businesses have been hit by a cyberattack within the past year. In this survey, Hiscox found that among those attacked, 44 percent reported two to four following attacks in that same year. This raises concerns for small businesses and consumers alike. Business-to-customer relationships depend on trust and when that trust is broken, customers defect.

The most shocking part of these statistics, found in the 2018 Hiscox Small Business Cyber Risk Report, is that 65 percent of the affected businesses did not take actions to protect themselves from additional attacks. Here's why:

Cyberattack Costs

The study demonstrates that small businesses, in comparison to large businesses, aren’t as likely to have set strategies for defending themselves from attacks or ways of detecting them before they occur. The financial impact from a hack would also have much more of a detrimental effect on a small business than an attack on a large corporate brand.

For the past 12 months, small businesses estimated the average cost for cyberattacks to be over $30,000 each. Large companies, those with over 1,000 employees, estimated an average cost of over $1 million. Consideration must also be given to the indirect costs from a cyberattack: loss of customers, slower lead generation, lasting brand damage and the time it will take to resolve issues from the attack.

According to this data, it seems that investing in cyber threat protection would be extremely wise, yet only 52 percent of small businesses in the US reported having a clearly-defined strategy around cybersecurity.

Best Practices For Cybersecurity

For those looking to improve their defense against cyberattacks, Hiscox offers a list of their best practices:


  • Educate all levels of your organization about cyber threats
  • Be sure to have a formal budgeting process and involve cyber security in your decision making
  • Make cyber training an instituted part of the on-boarding process and continue to train your employees throughout their career


  • Include ongoing monitoring and detection of intruders on all of your critical networks
  • Track violations (both those that come through and those you successfully defend against) and make alerts using automated monitoring and manual logs.
  • Record any and all attack response efforts and any other relevant incidents


  • Make a plan, from detection and containment to notification and analysis, for all incidents. Specify and define roles and responsibilities in that plan.
  • Regularly review your response plans for new best practices and emerging cyber threats.
  • Use a stand-alone cyber policy or endorsement to insure against financial risks.

With cyber threats rising in frequency and depth, giving your company a defined defensive strategy may be the next best step to further your company's success by protecting your information, money, time and, most importantly, your customers. 

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: