Most business owners take precautions to protect their most valuable possessions – locks and security systems to protect physical assets, security guards and protocols to protect buildings and employees.

But what’s stunning is how few small businesses take the appropriate steps to protect one of their most valuable assets – their data.

Customer data isn’t just valuable to you and the customers, it’s valuable to hackers as well and more and more, smaller companies are being targeted, perhaps because they are so much less likely to be protected.

No business is too small to be hacked

Think your company is too small to be attacked? Think again. Any company that collects customer data is a target for today’s cybersecurity threats. According to the Hiscox Cyber Readiness Report, larger companies may be targeted more often but the financial impact of cyber-attacks is disproportionately high for the very smallest companies.

More than half (57 percent) of respondents to the survey reported experiencing at least one attack in the last 12 months, and the cost of these attacks can be as much as £500,000 per incident. And while damage to a company’s brand is harder to quantify, as many as 1 in 6 companies in the US that had experienced an attack reported damage to their brand, their partnerships, and their reputations as a result.

Even though smaller firms were less likely to be targeted, their costs associated with an attack were nearly as high as those incurred by larger firms, and cost per employee was much higher. Plus it can take days to get back to business as usual, whereas a larger company may be able to absorb that down time more readily than a smaller company could.

This shows quite clearly that cybersecurity threats need to be taken seriously, even by smaller companies.

What are you doing to protect your customer data?

Small businesses also appear more complacent than their larger counterparts when it comes to protecting themselves against outside threat. Nearly 29 percent of small firms that had experienced an attack reported they changed nothing following a cyber security incident compared to larger firms (20%).

According to the report, most companies are stepping up spending on technology and key personnel. There’s also a movement towards investing in insurance against cyber attacks, especially for the larger companies.

But the gap between large companies and small companies is disturbingly large when it comes to adopting cyber security initiatives. Small businesses are 10 percent less likely to implement security initiatives, regardless of what they are.

Small companies are also more likely to be rated as cyber security novices as compared to their larger counterparts.

How to improve your security

So how can you take your small company from novice to expert level when it comes to cyber security?  It’s not necessarily about spending a great deal more money, but rather focusing on strategy.  The Hiscox cyber report identified six ways to improve:

1. Involve top management in security initiatives

2. Formalise your cyber security strategy

3. Include security training and awareness across the company

4. Document, record, and track processes

5. Improve technology, especially internal and external message encryption, for strong authentication

6. Transfer risk, usually through the purchase of specialised insurance

Read the Hiscox Cyber Readiness Report to familiarise yourself with the risks of cyber attacks and the ways in which your organisation can protect itself — and your data.