Small businesses are a major target for cyberattacks and often lack the resources to prepare and plan for digital threats.

Speakers at the Travelers Institute’s March 22 Cyber: Prepare, Prevent, Mitigate, Restore forum said small and midsize businesses are less likely to have dedicated in-house expertise to protect data.

CBIA president Joe Brennan
Small businesses don't necessarily have the resources to deal with cyber attacks, CBIA's Joe Brennan told the forum.

Institute president Joan Woodward said the forum, part of a series, was designed to educate and inform small and midsize businesses about cybersecurity prevention.

“Forty-three percent of cybersecurity attacks target small businesses that employ 250 or less people,” said Woodward, adding that attacks can cost thousands of dollars in ransom payments to retrieve stolen data.

CBIA president and CEO Joe Brennan reiterated how critical cybersecurity is for Connecticut businesses.

“Businesses have been looking to organizations like the Travelers Institute and CBIA for guidance," Brennan said.

"This is such a critical issue that’s coming more into the forefront every day."

Expertise, Resources

Brennan noted CBIA represents many defense contractors, public utilities, and electric grid companies in Connecticut, where cybersecurity is top-of-mind, but smaller companies don’t necessarily have the expertise or resources to prevent attacks.

“We’re working internally to determine how we can best service our members, particularly small to midsize companies, and provide guidance, education, and expertise as they grapple with this very important issue,” he said.

Arthur House, the state's first chief cybersecurity risk officer, said his mission was to develop and implement an enhanced strategy for the state’s electric, natural gas, and water sectors.

“We are dependent upon vulnerable systems, like computers and smart phones, that are critical for business and personal transactions,” he said.

As businesses rely more heavily on technology, their exposure to cyberattacks increases, with criminals often targeting employees to infiltrate networks and systems.

Growing Threat

Dr. Jay Vadiveloo, director of UConn's Goldenson Center for Actuarial Research, released his research study, Cyber Risk for Small and Medium-Sized Enterprises, at the forum.

Vadiveloo said that in 2014, 50% of small businesses reported that they were victims of a cyberattack.

He said many small and midsize businesses are targeted because they are unaware of the severity of cyberattacks and do not have the proper security measures in place

“Small businesses have the misconception that cybercriminals only target large organizations,” Vadiveloo explained.

"In fact, we found that 61% of phishing attacks [fraudulent emails sent with the purpose to obtain personal employee or business information] were targeted at small and medium-sized businesses in 2014—double what it was just a year earlier.”

Other speakers included Linda Betz, chief information security officer at Travelers; Jennifer Coughlin, data breach mitigator for Mullen Coughlin LLC; and Thomas Lawler, from the Federal Bureau of Investigation's Cyber Crime Squad.

The forum was held at UConn’s Graduate Business Learning Center in Hartford and hosted in partnership with CBIA, reSET, and the UConn Goldenson Center for Actuarial Research.