Hiscox, Chesapeake, Va., released its 2018 Hiscox Small Business Cyber Risk Report, which revealed data on U.S. small businesses’ preparedness for cyber threats.

The report found that 65% of small businesses fail to act following a cyber security incident. Notably, 47% of small businesses suffered at least one cyberattack in the past year; 44% of small businesses that reported a cyberattack in the past year experienced 2-4 attacks.

Additional highlights from the report include:

  • Cyber a top concern. Two-thirds of small businesses surveyed reported cyber risk as a top concern for potential business impact on their organization in the coming year.
  • Lack of strategy. Barely half (52%) of small businesses reported having a clearly-defined strategy around cyber security. 
  • Training. Less than one-third (32%) of small businesses have simulated phishing experiments to assess employee behavior and readiness in the event of an attack.
  • Budget catch-22. Despite keeping cyber threats as a top-of-mind concern, 50% of small businesses say they’re challenged by a lack of budget. 

The 2018 Hiscox Small Business Cyber Risk Report focuses on the responses of U.S. small businesses surveyed as a part of the Hiscox Cyber Readiness Report 2018, which was released Feb. 7.

Hiscox commissioned Forrester Consulting, Cambridge, Mass., to assess organizations’ cyber readiness. In total, 4,103 professionals responsible for their respective organization’s cyber security strategy were contacted (1,000 plus each from the UK, United States and Germany, and 500 each from Spain and The Netherlands). Drawn from a representative sample of organizations by size and sector, more than 30% surveyed make the final decision on how their business should respond to cyberattacks. Respondents completed the online survey between Oct. 12-Nov. 10, 2017.