Study shows majority of small businesses unprepared for cyber attacks
August 6, 2019
Capital One’s recent breach that exposed the personal information of some 100 million Americans served as another reminder about the increasing risks posed by cyber criminals.
But a new study found that despite the rising risks, cyber security efforts aren’t a top priority among small businesses.
The 2019 SMB Cyberthreat Study from Keeper Security, which surveyed senior level decision-makers at companies with 500 or fewer employees, found that 60% of respondents don’t have a cyber attack prevention plan. In fact, 18% ranked cyber security as their lowest priority.
“Businesses face a vulnerability crisis when it comes to cybercriminals, and this reality won’t get better until cybersecurity gets higher billing on their to-do list,” explained Darren Guccione, CEO and co-founder of Keeper Security, in a press release.
The study highlights an important perception gap among small businesses when it comes to cyber vulnerability, indicating that many underestimate the risks associated with an attack.
Two out of three respondents (66%) said they believe their business is unlikely to experience a cyber attack. However, a previous study conducted by the Ponemon Institute found that 67% of companies were attacked in the last year.
What’s more, 60% of small companies that get hacked go out of business within six months following a cyber attack.
The Keeper study also revealed an interesting perception difference between newer and more established businesses. Of the companies surveyed that have been in business for less than five years, 28% believe it is “very likely” that they will be the target of a cyber attack, while only 6% of respondents from companies operating for 10 or more years thought the same. In fact, 70% of those more mature businesses said a cyber attack against their company isn’t very likely or not likely at all.
You need 7 tools to master international trade. Find out what they are.
The small business urban legend
Cyber attacks can happen to any business of any size. But, alarmingly, the study from Keeper revealed that only 12% of respondents “understand the reality that an attack is very likely, no matter how big or small the company.”
According to Keeper, many small firms think that their business isn’t appealing to hackers because of its size. Meaning while small business owners may be aware of cyber security, they consider it an issue that’s only relevant to large companies. But that mindset is a slippery slope that only makes them more vulnerable.
Small businesses are just as likely, if not more so, to be the victim of a cyber attack. That’s because hackers often use small firms as a way to access large corporations. Just look at Target’s massive data breach back in 2013. The path that hackers used to access the company’s database was found to have come from an HVAC subcontractor. That breach affected 40 million customers and wound up costing Target $162 million.
Not to mention, there are more than 30 million small businesses across the US. That’s a lot more targets for cyber criminals compared to the country’s 19,464 large companies.
More breaking news, trending topics, and industry updates are a click away.
Where to start
While cyber security measures are important for any business, implementing them can initially seem daunting for smaller firms. So, it’s no surprise that 25% of those surveyed by Keeper said they don’t know where to start with cyber security.
But not knowing where to start is no excuse for not making cyber security a priority. Cyber theft is the fastest-growing crime in the US, and, according to research from IBM, businesses with fewer than 500 employees that experience an attack average $2.5 million in losses.
So where to start? One of the most important security matters to begin with might be one of the most obvious and overlooked: passwords. In a press release, Keeper noted that 81% of data breaches are the result of weak or stolen passwords. Educating employees about the importance of strong passwords and implementing password policies (which should include two-factor authentication) needs to be part of any cyber attack prevention plan.
When it comes to cyber security, the bottom line is that no company — regardless of size, industry, or years in business — is immune to the risks of cyber attacks. The only difference is that large companies can usually survive a cyber attack. For small businesses, that’s an important distinction to keep in mind and a reminder to prioritize cyber security.
Are wire transfers safe? Download our white paper to find out.