Majority of U.S. Small and Medium-Sized Businesses Do Not Have Cyber Insurance Coverage Amid Steep Increase in Cybercrime

SCOTTSDALE, Ariz. Oct. 6, 2020 – CyberScout, a global leader in cybersecurity and identity theft resolution services, today announced the findings of a 2020 survey of 2,055 small and medium-sized business (SMB) owners in the U.S. assessing their awareness, knowledge and concern about top cybersecurity issues facing businesses today. Despite 76 percent of U.S. SMBs experiencing cyberattacks in 20191, approximately 69 percent of respondents did not have cyber insurance coverage for their business at the time of the CyberScout survey.

“Business owners are under a lot of pressure from the economic disruptions caused by the pandemic,” said Jennifer Leuer, Chief Executive Officer of CyberScout. “It may be even more challenging now to find the time to prioritize cybersecurity, but there are a few basic things every business can do to try to prevent a cyberattack. All business owners should also be prepared to quickly detect a cyberattack if one does occur.”

About half (53 percent) of companies reported having employees regularly work remotely prior to the pandemic. However, only 34 percent of those companies required a VPN connection (the highest form of remote network security). After most companies shifted to remote working arrangements due to shelter-in-place orders, only 17 percent of SMB leaders reported establishing or reiterating their IT security protocol for remote work. Unfortunately, a surprising 14 percent of SMB leaders report they do not follow any cybersecurity measures for remote work.

“Small and medium-sized businesses are an important driver of the economy and should be empowered with progressive insurance policies that include cyber risk protection services, incident response and insurance coverages to provide the financial support needed to keep the doors open after an attack,” continued Leuer. “Most companies are lacking a trusted advisor that can break down the best practices that should be followed and make the process less intimidating. It’s our goal to fill this important role for SMBs across the country.”

In addition, the survey found that 51 percent of U.S. SMBs did not have an ongoing training program on cybersecurity best practices. Companies that did have cybersecurity policies in place reported scattered approaches to training and protection. A quarter used emails to share best practices with employees, 22 percent reported performing “live fire” trainings and 20 percent also performed vulnerability testing. As few as 18 percent of companies conduct an annual training.

To learn more, view CyberScout’s full report on SMB cybersecurity, please visit

About the Survey

Spring 2020 survey of 2,055 small and medium-sized business (SMB) owners in the U.S. Approximately 90 percent of respondents were business owners; the remaining 10 percent were in senior management or executive roles. The majority of respondents’ businesses earned between $1-$4.9 million per year. About half of respondents earned more than $5 million annually.

Since 2003, Cyberscout has set the standard for full-spectrum identity, privacy and data security services, offering proactive protection, education, and data theft resolution as well as breach preparedness and response. Serving approximately 17.5 million households worldwide and more than 770,000 businesses, Cyberscout is offered globally by an ever-growing number of client partners. Cyberscout combines extensive experience with high-touch service to help individuals, government and commercial clients minimize risk and maximize recovery.