Even though data breaches have become a fact of life for many small, medium and large businesses in the UK thanks to the proliferation of ransomware and new forms of malware, the average cost of data breaches has come down by 59 percent compared to last year.
Webroot's SMB Cyberseurity Preparedness report has revealed the priority areas for small and medium businesses as well as for IT security professionals as they gear up to take on emerging cyber threats such as phishing attacks, DDoS attacks, ransomware infections and the arrival of new forms of malware.
Ransomware still a major threat in the UK
According to a study of 600 IT decision makers at small-to-medium-sized businesses by the security firm, ransomware attacks continue to be treated as the most significant threats to organisations in the UK, so much so that while 44 percent fear ransomware attacks the most, only 17 percent of such businesses are concerned about the impact of DDoS attacks.
The lack of concern towards DDoS attacks is particularly significant as 52 percent of small and medium businesses in the US and 49 percent of those in Australia expressed the maximum concern about such attacks. At the same time, 37 percent of such businesses treated new forms of malware infections as the most potent threat in the US, compared to 32 percent in the UK.
Globally, phishing has become the most feared attack form that small and medium businesses are most succeptible to in 2018, ahead of new forms of malware, insider threats, DDoS attacks, and ransomware infections. Even though businesses are much less susceptible to insider threats than before, 25 percent of them are still vulnerable to data breaches due to insiders.
"As our study shows, the rise of new attacks is leaving SMBs feeling unprepared. One of the most effective strategies to keep your company safe is with a layered cybersecurity strategy that can secure users and their devices at every stage of an attack, across every possible attack vector. And for many businesses, relying on a managed service provider (MSP) when time and expertise aren’t readily available is a crucial step to strengthen their security efforts," said Charlie Tomeo, Vice President of Worldwide Business Sales, Webroot.
Cost of data breaches declines
According to Webroot's survey, cyber attacks in which businesses lost critical enterprise or customer data cost an average of £305,357 in the UK, down 59 percent from last year. Similarly, the average cost of breaches declined by 9 percent in the US and by 48 percent in Australia.
Even though this comes as good news for small and medium businesses, many of whom do not have the financial strength to recover completely in the aftermath of cyber attacks, businesses are still struggling in providing continuous cyber security training to their employees, thereby risking more breaches in future.
According to Webroot, while almost 100 percent of businesses train employees on cyber security best practices, that figure drops to half or a third when asked about training “continuously,” which is vital for effectiveness. As many as 79 percent of businesses are still not ready to completely manage IT security and protect against threats.
The survey further revealed that only 31 percent of small and medium businesses in the UK are likely to offer continuous training to employees, compared to 54 percent in the US and 32 percent in Australia. It added that 26 percent of UK businesses will only conduct security training after a data breach takes place, compared to a mere 9 percent in the US.