• Home
  • Home
  • 2023 Cyber Resiliency Report
  • 2023 Cyber Resiliency Report
No

2023 Cyber Resiliency Report

As cyberattacks become more frequent and complex, it's critical that businesses understand the threat and take action to become cyber resilient.

Hanover Specialty's 2023 Cyber Resiliency Report reveals that while small- and mid-sized business decision-makers have high confidence in their organization's cybersecurity posture, their businesses are generally unprepared for the threat of a cyberattack.

This affirms the important role independent insurance agents can play as experienced advisers, offering risk management consultation and access to services to help business leaders protect their operations and maximize the benefits of their cyber insurance programs.

Person at computer with cyber security graphics floating in front of screen

 

Key findings

Only 7%

of small- to mid-sized businesses think it's very likely that their business will be impacted by a cyberattack in the next 12 months.

Nearly half

report their business, suppliers or customers were impacted by a data breach or cyberattack over the last 12 months.

1 in 2

report their business has not conducted a business-wide cyber risk assessment in the last 12 months.

 

Perception vs. reality

While these decision makers do not think their business will be impacted by a cyberattack in the coming year, most respondents engage in activities that raise the risk of a data breach or cyberattack.

 

67%

store business documents in the cloud

 

64%

access business email on personal devices

 

33%

connect business devices to public or unsecured Wi-Fi networks

What this means for agents

This presents an opportunity for independent agents and brokers to discuss these exposures with their customers, especially since business leaders surprisingly say they are concerned about cyber risk—revealing a disconnect between the perceived likelihood of an attack and the reality of ever-present cyber risk. Business leaders note concern about:

 

71%

Destruction or corruption of business files and data from a ransomware attack

 

78%

Lost access to business computer systems and software

 

65%

Their business’s website being attacked by hackers

 

Out of sight, out of mind

As new risks emerge, businesses are overlooking specific threats.

BREACH OF PII

While breaches of personally identifiable information (PII) were once a top concern, now, only 34% of business leaders say they’re very concerned about a breach. Yet with double extortion ransomware attacks, the threat of a breach of PII is very real. In these events, bad actors:

  • Encrypt data on the victim's system
  • Create a copy of the data and exfiltrate from the business' network
  • Threaten to leak the data on the dark web or to the public

During these events, cybercriminals demand a ransom twice.

SUPPLY CHAIN ATTACKS 

Most businesses protect against, and plan for, scenarios in which they are the direct target of a cyberattack. But bad actors are taking advantage of supply chains, exploiting vulnerabilities in a business' partners, to gain access to their end target indirectly.

Yet 63% of businesses say they do not evaluate the security practices of potential vendors and service providers before working with them.

With businesses increasingly turning to outsourcing as a solution to today’s challenging labor environment, the threat of being a victim of an attack continues to grow.

Addressing cybersecurity gaps

Help customers become cyber resilient

When it comes to cyber threats, most small- and mid-sized businesses do not have basic prevention measures in place. This creates an opportunity for independent agents and brokers to talk with their customers about the importance of proactively managing cyber risk and leveraging cybersecurity services, like those offered through the Hanover CyberSecure ProgramTM, to help prevent cyber losses.

VULNERABILITIES

Most businesses do not have basic prevention measures in place.

HOW YOU CAN HELP

Offer solutions from leading service providers to help address gaps.

Cybersecurity training

eRiskHub(R)

 Learn more

 Share with your clients

Multi-factor authentication (MFA)

HYPR

 Learn more

 Share with your clients

Data protection and recovery

Metallic

 Learn more

 Share with your clients

Endpoint protection
Incident response planning

eRiskHub(R)

 Learn more

 Share with your clients

Managed detection and response

 

Post-breach support

Cyber incident response partners

 Learn more

 Share with your clients

 

About The Hanover CyberSecure Program

With thousands of cyber risk management service providers in the marketplace, it can be challenging to know which industry experts to turn to. The Hanover CyberSecure Program brings together a variety of technology solutions offered through vetted industry partners, making it easy for policyholders to leverage the services to help protect their businesses from cyber threats and prevent cyber losses. These services are offered at no charge or at a discount.

Learn more 

 

  Amidst the digital landscape's growing complexities, this new data unveils a stark truth: businesses are at a crossroads between acknowledging the looming cyber threat and taking meaningful action. With a small percentage of business decision-makers thinking a cyber incident is 'very likely,' the difference between perception and reality is glaring. Business leaders are in need of education regarding risk mitigation available to them to reduce the risk of cyber loss, which creates an opportunity for agents to better serve their customers."

 

 - Eric Cernak, head of cyber at The Hanover

Eric Cernak.png

     

    Survey method
    The research was conducted online in the United States by The Harris Poll on behalf of Hanover among 300 small business owners and executives defined as U.S. adults ages 21+ who are employed full-time or part-time, have a title of owner/president/partner/C-suite executive at their company, and the company employs 3-249 employees. The survey was conducted August 17-24, 2023. Data were sampled to be representative by employee size to ensure they were in line with their actual proportions in the population.

    Respondents for this survey were selected from among those who have agreed to participate in our surveys.  The sampling precision of Harris online polls is measured by using a Bayesian credible interval.  For this study, the sample data is accurate to within + 5.63 percentage points using a 95% confidence level.  This credible interval will be wider among subsets of the surveyed population of interest.   

    For complete survey methodology, including weighting variables and subgroup sample sizes, please contact Kyle Tildsley at ktildsley@hanover.com.

    No

    2023 Cyber Resiliency Report

    As cyberattacks become more frequent and complex, it's critical that businesses understand the threat and take action to become cyber resilient.

    Hanover Specialty's 2023 Cyber Resiliency Report reveals that while small- and mid-sized business decision-makers have high confidence in their organization's cybersecurity posture, their businesses are generally unprepared for the threat of a cyberattack.

    This affirms the important role independent insurance agents can play as experienced advisers, offering risk management consultation and access to services to help business leaders protect their operations and maximize the benefits of their cyber insurance programs.

    Person at computer with cyber security graphics floating in front of screen

     

    Key findings

    Only 7%

    of small- to mid-sized businesses think it's very likely that their business will be impacted by a cyberattack in the next 12 months.

    Nearly half

    report their business, suppliers or customers were impacted by a data breach or cyberattack over the last 12 months.

    1 in 2

    report their business has not conducted a business-wide cyber risk assessment in the last 12 months.

     

    Perception vs. reality

    While these decision makers do not think their business will be impacted by a cyberattack in the coming year, most respondents engage in activities that raise the risk of a data breach or cyberattack.

     

    67%

    store business documents in the cloud

     

    64%

    access business email on personal devices

     

    33%

    connect business devices to public or unsecured Wi-Fi networks

    What this means for agents

    This presents an opportunity for independent agents and brokers to discuss these exposures with their customers, especially since business leaders surprisingly say they are concerned about cyber risk—revealing a disconnect between the perceived likelihood of an attack and the reality of ever-present cyber risk. Business leaders note concern about:

     

    71%

    Destruction or corruption of business files and data from a ransomware attack

     

    78%

    Lost access to business computer systems and software

     

    65%

    Their business’s website being attacked by hackers

     

    Out of sight, out of mind

    As new risks emerge, businesses are overlooking specific threats.

    BREACH OF PII

    While breaches of personally identifiable information (PII) were once a top concern, now, only 34% of business leaders say they’re very concerned about a breach. Yet with double extortion ransomware attacks, the threat of a breach of PII is very real. In these events, bad actors:

    • Encrypt data on the victim's system
    • Create a copy of the data and exfiltrate from the business' network
    • Threaten to leak the data on the dark web or to the public

    During these events, cybercriminals demand a ransom twice.

    SUPPLY CHAIN ATTACKS 

    Most businesses protect against, and plan for, scenarios in which they are the direct target of a cyberattack. But bad actors are taking advantage of supply chains, exploiting vulnerabilities in a business' partners, to gain access to their end target indirectly.

    Yet 63% of businesses say they do not evaluate the security practices of potential vendors and service providers before working with them.

    With businesses increasingly turning to outsourcing as a solution to today’s challenging labor environment, the threat of being a victim of an attack continues to grow.

    Addressing cybersecurity gaps

    Help customers become cyber resilient

    When it comes to cyber threats, most small- and mid-sized businesses do not have basic prevention measures in place. This creates an opportunity for independent agents and brokers to talk with their customers about the importance of proactively managing cyber risk and leveraging cybersecurity services, like those offered through the Hanover CyberSecure ProgramTM, to help prevent cyber losses.

    VULNERABILITIES

    Most businesses do not have basic prevention measures in place.

    HOW YOU CAN HELP

    Offer solutions from leading service providers to help address gaps.

    Cybersecurity training

    eRiskHub(R)

     Learn more

     Share with your clients

    Multi-factor authentication (MFA)

    HYPR

     Learn more

     Share with your clients

    Data protection and recovery

    Metallic

     Learn more

     Share with your clients

    Endpoint protection
    Incident response planning

    eRiskHub(R)

     Learn more

     Share with your clients

    Managed detection and response

     

    Post-breach support

    Cyber incident response partners

     Learn more

     Share with your clients

     

    About The Hanover CyberSecure Program

    With thousands of cyber risk management service providers in the marketplace, it can be challenging to know which industry experts to turn to. The Hanover CyberSecure Program brings together a variety of technology solutions offered through vetted industry partners, making it easy for policyholders to leverage the services to help protect their businesses from cyber threats and prevent cyber losses. These services are offered at no charge or at a discount.

    Learn more 

     

      Amidst the digital landscape's growing complexities, this new data unveils a stark truth: businesses are at a crossroads between acknowledging the looming cyber threat and taking meaningful action. With a small percentage of business decision-makers thinking a cyber incident is 'very likely,' the difference between perception and reality is glaring. Business leaders are in need of education regarding risk mitigation available to them to reduce the risk of cyber loss, which creates an opportunity for agents to better serve their customers."

     

     - Eric Cernak, head of cyber at The Hanover

    Eric Cernak.png

       

      Survey method
      The research was conducted online in the United States by The Harris Poll on behalf of Hanover among 300 small business owners and executives defined as U.S. adults ages 21+ who are employed full-time or part-time, have a title of owner/president/partner/C-suite executive at their company, and the company employs 3-249 employees. The survey was conducted August 17-24, 2023. Data were sampled to be representative by employee size to ensure they were in line with their actual proportions in the population.

      Respondents for this survey were selected from among those who have agreed to participate in our surveys.  The sampling precision of Harris online polls is measured by using a Bayesian credible interval.  For this study, the sample data is accurate to within + 5.63 percentage points using a 95% confidence level.  This credible interval will be wider among subsets of the surveyed population of interest.   

      For complete survey methodology, including weighting variables and subgroup sample sizes, please contact Kyle Tildsley at ktildsley@hanover.com.