PETALING JAYA: Some 84% of Malaysian small and medium enterprises (SMEs) which responded to a survey by Chubb were victims of “cyber incidents” in the past year.
The survey also found that there was a significant perception gap between the threat of cyber risks and how prepared SMEs are to deal with them.
According to the property and casualty insurance company’s SME Cyber Preparedness Report 2019, 67% of the respondents believed that large corporations are more at risk than SMEs.
The survey drew a total of 300 Malaysian respondents.
Chubb Asia Pacific cyber underwriting manager Andrew Taylor highlighted that it is a worrying misconception, particularly with the recent implementation of the National Cyber Crisis Management Plan by Malaysia’s National Cyber Security Agency to combat cyber threats.
“Complacency leaves the door wide open for malicious attacks, future breaches and inadequate incident response. In fact, smaller companies face a larger degree of exposure to cyber risk owing to their size and resources, as well as the lack of capital to invest in cyber risk management tools,” he said in a press statement.
With 48% of cyber incidents attributed to human and administrative error, 37% of SME leaders in Malaysia say their employees’ poor understanding of potential cyber threats is challenging their ability to protect their business.
Critically, 20% of SMEs believe employees are the weakest link in their cyber defence.
“While leaders recognise the importance of cyber training, 41% believe that employees are neglecting their responsibilities around data protection,” the report cited.
In the event of a major cyber incident, businesses indicated that customers (60%) followed by company profits and reputation (58%) would be most affected.
Among the Malaysian respondents, customer records are the most commonly breached data – with 40% of businesses facing a breach of customer files in the past 12 months, followed by R&D data, IP data and financial performance data, all at 31%.
The survey found that 61% of Malaysia’s SMEs have a data breach response plan.
However, there is a clear difference in cyber preparedness among SMEs of different sizes. The report said 77% of SMEs with 100-249 employees have a data breach contingency plan compared with 53% in smaller SMEs with fewer than 50 employees.
Malaysian SMEs, though, were faster to respond to cyber incidents than other markets surveyed, with 67% resuming operations within 12 hours of a cyber incident.
Meanwhile, 70% of the SMEs in the survey believe the insurance industry has an important role to play in helping businesses protect themselves against cyber risk.
However, 60% also believe the industry is not moving fast enough to keep up with the rapidly evolving nature of cyber risk.
“In Malaysia it is concerning to see a high number of small businesses falling victim to cyber incidents coupled with a general lack of understanding and preparedness around the risks,” said Chubb Malaysia country president Steve Crouch.
“Worryingly, it appears many Malaysian SMEs falsely believe that their general insurance policies cover cyber risk, when in fact it most likely does not. Given the large proportion of the economy that SMEs make up in the country, I believe this is a critical issue to address.”
