Preparing for the Inevitable: Chubb Advisory Highlights Rising Frequency and Costs for Cyber Attacks Against Small and Midsize Businesses
Chubb's claims data shows that 60% of all cyber events at small to midsize companies over the past three years were the result of external factors

WHITEHOUSE STATION, N.J., Feb. 19, 2019 /PRNewswire/ -- While major breaches against large, well-known companies continue to dominate media headlines, the reality is that small and midsize businesses are much more common targets of most cyber attacks. In fact, according to Chubb's claims data, 60 percent of all cyber events experienced by small and midsize businesses in the past three years were caused by external factors (e.g. events that are a result of individuals or organizations where the impacted company has no relationship).  Nonetheless, many small and midsize businesses continue to believe they are not at risk of cyber attacks.

Chubb has released an advisory to address that knowledge gap, which often leads to many small and midsize businesses underestimating the substantial cyber-related risks they face. The advisory, "Cyber Attack Inevitability: The Threat Small & Midsize Businesses Cannot Ignore," highlights these cyber risks, offers real-world examples that demonstrate what small and midsize businesses often face, and shares precautionary measures to help protect against these occurrences. For example, if something as simple as email account information falls into the hands of a cyber criminal, a business client may be duped to wire transfer large sums of money into a fraudulent bank account, which, if successful, could place the business on the hook for those hundreds of thousands of dollars—a reality that could be fatal to a smaller business.

"Small and midsize businesses are directly in the crosshairs of cyber criminals in the United States and across the world," said William Stewart, Division President of Chubb's Global Cyber Practice. "These businesses often assume they are not targets for cyber criminals, due to their size, industry, or lack of large databases of personal information. However, the reality is quite the opposite: smaller businesses are actually more vulnerable and considered prime targets for cyber criminals, as their security measures are more likely to be outdated or underprioritized, opening the door for cyber criminals to deploy attacks quickly, cheaply, and anonymously."

According to Juniper Research, the total number of connected Internet of Things (IoT) sensors and devices is set to exceed 50 billion by 2022, up from an estimated 21 billion in 2018. "That translates into an incredible number of entry points for cyber criminals," Stewart added. "If companies are going to be able to operate moving forward, cyber security must be a central focus of management teams."

"Cyber incidents can be costly and even disastrous for a small business. On average, it costs about $400,000 to recover from a single cyber incident, with more than 4,000 incidents occurring every single day," Stewart noted. "The cost and frequency of these attacks highlight the importance of the issue at hand. However, despite these daunting statistics, the majority of cyber incidents are preventable, as they mostly stem from human error or a simple lack of proper training."

Chubb encourages small and midsize business owners to ask for help in educating their employees, as it is among one of the most important elements to protect businesses from experiencing and bearing the financial weight of a cyber incident. In addition to employee training, small and midsize businesses should ensure strong password security and hygiene practices, use of adequate antivirus software, thorough monitoring of all network activity, and use of up-to-date operating systems. As cyber threats continually evolve, cyber insurance—in connection with these other preventative measures—can play a key role in the awareness, preparedness, and resiliency of small and midsize businesses.

To learn more, visit to access a wealth of resources to stay cyber vigilant, including real-time access to proprietary Chubb claims data found on the Chubb Cyber IndexSM.

About Chubb Cyber
Chubb is a leader in insuring cyber risk. Combining industry-leading underwriting and expert third-party incident response services, Chubb offers policies that are tailored to the specific needs and risks of its clients to ensure they are ready with the tools and expertise necessary should a cyber incident occur. Moving swiftly to connect clients with the proper parties to minimize data loss is only part of what Chubb delivers. Keeping an eye on the ever-evolving cyber security landscape, Chubb looks for ways to do more by offering cutting-edge products and holistic services to each and every client.

About Chubb:
Chubb is the world's largest publicly traded property and casualty insurance company, and the largest commercial insurer in the United States. With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London and other locations, and employs approximately 31,000 people worldwide. Additional information can be found at:


For further information: Eric Samansky: 215-640-4666; or Laurie Taylor: 908-903-2611;