A new survey by Nationwide Mutual Insurance Co. released today reveals that eight in 10 small business owners do not have a cyberattack response plan, even though a majority of them have been victims of at least one type of attack.

The survey was commissioned by Nationwide and conducted by Harris Interactive from June 8 to 19. It focused on 500 U.S. small business owners with fewer than 300 employees.  

“The holiday shopping season kicks into high gear this month with Thanksgiving, Black Friday and Small Business Saturday,” said Mark Berven, president and chief operating officer of Nationwide Property & Casualty. “But unfortunately, this is also the time of year when many cybercriminals target shoppers and businesses. Just think of last fall, when both Sony and Staples were attacked within a month of each other. Our goal is to help companies protect their customers year-round.”

According to the survey, 79 percent of small business owners have no cyberattack plan in place. When asked why not, 46 percent said their current software is secure enough, and 40 percent do not feel their company will be affected.

At the same time, 73 percent are at least somewhat concerned about cybercriminals, and 63 percent said they have been victims of at least one type of attack. Among the most prevalent attacks are computer viruses (44 percent), phishing (30 percent) and Trojan horses (22 percent).

According to a separate study conducted by the Computing Technology Industry Association (CompTIA), many employees don’t receive the training necessary to combat computer-related risks.

Forty-five percent of workers surveyed report that their organizations don’t provide any form of cybersecurity education or communicate specific end-user best practices. Organizations that have yet to incorporate information technology security into their onboarding and professional development programs are increasingly vulnerable, given how many issue employees devices and entrust staff to handle sensitive corporate data.

The survey, which polled 1,200 full-time U.S. workers about their cybersecurity awareness and security habits, also found that:

• 63 percent of employees use their work mobile devices for personal activities.
• 94 percent employees connect their laptops/mobile devices to public Wi-Fi networks.
• 49 percent of employees have at least 10 logins, but only 34 percent have at least 10 unique logins.

“Though employees are largely aware of the risks of poor cybersecurity habits, many don’t apply that knowledge,” the report said. “Workers’ overall IT behaviors, from Wi-Fi connectivity to online account maintenance, reflect a degree of vulnerability that malicious actors can easily exploit.”