KUALA LUMPUR (Oct 16): A survey of small and medium Enterprises (SMEs) in Malaysia has revealed a significant perception gap between the threat of cyber risks and how prepared SMEs are to deal with them, according to property and casualty insurance company Chubb.

In a statement today, Chubb said 84% of the respondents in Malaysia were victims of cyber incidents in the past year.

At the same time, it said 67% of SMEs incorrectly believed that large corporations are more at risk than SMEs.

Chubb Asia Pacific underwriting manager Andrew Taylor said this was a worrying misconception, particularly with the recent implementation of the National Cyber Crisis Management Plan by Malaysia's National Cyber Security Agency to combat cyber threats.

"Complacency leaves the door wide open for malicious attacks, future breaches and inadequate incident response.

"In fact, smaller companies face a larger degree of exposure to cyber risk owing to their size and resources, as well as the lack of capital to invest in cyber risk management tools," he said.

Chubb said with nearly half (48%) of cyber incidents resulting from human and administrative error, it was unsurprising that more than one third (37%) of SME leaders in Malaysia said their employees' poor understanding of potential cyber threats was challenging their ability to protect their business.

Critically, it said 20% of SMEs believed employees are the weakest link in their cyber defence.

The firm said in the event of a major cyber incident, businesses indicated that customers (60%) followed by company profits and reputation (58%) would be most affected.

It said among Malaysian SMEs, customer records were the most commonly breached data — with 40% of businesses facing a breach of customer files in the past 12 months, followed by research and development (R&D) data, Internet Protocol (IP) data and financial performance data, all at 31%.

Chubb said three out of five (61%) of Malaysia's SMEs said they had a data breach response plan.

However, it said there was a clear difference in cyber preparedness among SMEs of different sizes.

It said 77% of SMEs with 100-249 employees had a data breach contingency plan compared with 53% in smaller SMEs with fewer than 50 employees.

Chubb said the survey further found that 70% of SMEs believe the insurance industry has an important role to play in helping businesses protect themselves against cyber risk. However, 60% also believe the industry is not moving fast enough to keep up with the rapidly evolving nature of cyber risk.

Chubb Malaysia country president Steve Crouch said in Malaysia it was concerning to see a high number of small businesses falling victim to cyber incidents coupled with a general lack of understanding and preparedness around the risks.

"Worryingly it appears many Malaysian SMEs falsely believe that their general insurance policies cover cyber risk, when in fact it most likely does not.

"Given the large proportion of the economy that SMEs make up in the country, I believe this is a critical issue to address," said Crouch.