Chubb’s SME Survey (“Too Small to Fail?”) Reveals Significant Perception Gap in Cyber Awareness and Preparedness in Singapore, Hong Kong SAR and Australia
- More than half of SMEs in Singapore, Hong Kong SAR and Australia have experienced a cyber incident in the past year
- On average, 62% of SMEs are not aware of all the cyber threats they face
- Majority of cyber incidents are caused by internal factors
Asia-Pacific, February 13, 2019 — Chubb today released a survey of Small and Medium Enterprises (SMEs) in some Asia Pacific countries which revealed a significant perception gap between cyber risk and how well they are prepared to deal with it.
The Chubb survey, “Too Small to Fail?” of 1,000 SMEs across Singapore, Hong Kong SAR and Australia, reveals that:
- most respondents believe they are in a better position than their larger competitors to manage a cyber incident (63% in Singapore, 60% in Australia and 52% in Hong Kong SAR); yet
- the majority of SMEs have experienced a cyber incident in the last 12 months (71% in Hong Kong SAR, 60% in Australia, and 56% in Singapore); and
- the majority of cyber incidents resulted from internal factors such as system breakdowns and human error.
Risk and reality
While many SMEs feel better prepared than larger companies to manage cyber incidents, smaller companies have a relatively larger exposure, as they face the same risks as larger businesses but do not have the same means to implement comprehensive protection, leaving significant risk uncovered.
“The survey results are consistent across the three markets. Many SMEs believe they are too small to be targeted by cyber criminals or that any internal issues will not greatly impact them. In effect, they think they are “too small to fail”. However, our own claims data highlights numerous small business compromises and ransomware events that are decimating the cash flow of small businesses,” said Andrew Taylor, Cyber Underwriting Manager, Chubb Asia Pacific.
The top three cyber incidents in the past 12 months were:
- business interruption from system malfunction or technical fault;
- data loss through a system malfunction or technical fault; and
- business interruption or data loss through human error, such as a lost or stolen memory device or employees unintentionally exposing their company data to risk.
Are SMEs over confident?
The survey revealed that most SMEs are confident in their ability to overcome a breach following an attack, with Australia being the most confident at 87%, followed by Hong Kong SAR at 77% and Singapore at 72%. The majority believe they can contain a breach within 12 hours. However, this confidence contradicts other findings, including on average:
- 62% believe they are not aware of all the cyber threats they face.
- 28% of SMEs who experienced cyber incidents did not know which data files were affected.
“Perhaps the reason for these seemingly conflicting results lies in the fact there is disagreement on where the responsibility for cyber risk should rest,” said Andrew Taylor. “Respondents to our survey in Singapore and Australia were fairly equally divided – with about the same number believing the head of IT or the CEO should hold this role. This is in stark contrast to the results of our survey in Hong Kong SAR, where nearly double believe the head of IT rather than the CEO should be ultimately responsible.”
“Chubb’s view is that cyber security is everyone’s responsibility, but should be led by someone who has the authority to effect change, and this needs boardroom or business owner oversight.”
Cyber insurance – a lack of understanding
The survey also uncovered a lack of understanding of cyber insurance with around 57% of SMEs in Singapore, Hong Kong SAR and Australia not fully understanding the insurance solutions available, while 61% have never purchased cyber insurance. “Clearly, there is a need for more education about the value of cyber insurance. At Chubb, our value proposition is more than just the traditional ‘promise to pay’ – we offer enterprise-wide support solutions for the benefit of our Insured. That’s why we place emphasis on our preventive advice as well as our response support,” said Tim Stapleton, Senior Vice President, Cyber & Technology, Chubb Overseas General.
For further information: Michele Anne Minjoot,
Chubb Asia Pacific Pte Ltd
+65 6398 8708
T: +65 9618 5119