Cybersecurity is something businesses need to be cautious about in the digital age. Source: Shutterstock

Cybersecurity is something businesses need to be cautious about in the digital age. Source: Shutterstock

Malaysian SMEs need to stop and think about cybersecurity — study

“WHEN IT comes to cybersecurity, ignorance is a risk,” said Chubb Malaysia Country President Steve Crouch.

The US-based insurance company recently conducted a study in the APAC that found Malaysian SMEs were underprepared to face cyberattacks and cyber threats.

Headline figures from the study show that 84 percent of Malaysian SMEs were victims of cyber incidents in the past year, 67 percent of Malaysian SMEs believe that large corporations are more at risk of cyberattacks than small businesses, and 40 percent of businesses have experienced a breach of customer files in the past 12 months.

“Contrast those numbers with the fact that more than 90 percent of Malaysian businesses belong to the SME category,” Chubb Cyber Underwriting Manager Andrew Taylor told Tech Wire Asia.

The point that Taylor — and Chubb’s new report — is trying to drive home is that any business transacting using a computer is at risk in the digital age. If they want to thrive, they need to plan to control and mitigate that risk.

“I think SMEs should be really concerned about the growing activity of cyber attackers — it could severely affect their cashflows as well as their livelihoods,” said Taylor.

According to the study, only 55 percent of SMEs said that they would notify affected parties after a breach — which is concerning — although it seems as though businesses fear impacting relationships with customers, damaging their reputation in the market, and affecting revenue/sales as a result.

Taylor and Crouch, therefore, advise businesses in Malaysia and around the APAC to take steps to re-assess the risks and put better safety and security measures in place.

All customer data can be monetized

Chubb’s research highlights the fact that SMEs tend to think that the data they collect isn’t as attractive as the data that large organizations collect.

“SMEs need to realize that the data they collect is valuable. Even if it isn’t financial data, it can be harvested and monetized on other platforms once it has been stolen,” emphasized Taylor.

Crouch pointed out that SMEs are usually focused on their business objectives, and being time-poor means they don’t have the time to plan how they respond to a breach or a cyber incident.

“As Taylor said, cyberattacks, especially ransomware and phishing attacks create severe cashflow issues for SMEs, putting their future at risk. To protect themselves, they need to plan practically, proactively, and pragmatically,” explained Crouch.

When Chubb asked SMEs about recent cyber incidents, they found that 48 percent were caused by human and administrative error and another 35 percent of the cases were the result of an employee ignorantly clicking on a malicious link in an email.

Ultimately, the reality is that SMEs need to re-think their cyberdefense strategy — because it’s not a question of if they’ll be attacked, but when. Lack of preparation could definitely put the future of the entity at risk.