As many as 79 percent of IT decision-makers and C-level executives at small and medium businesses consider potential cyber threats as their top-of-mind concerns and the number rises to 88 percent among SMBs with 150-250 employees.
A survey of 1,083 C-level executives and IT professionals at small and medium businesses carried out by cyber security firm AppRiver has revealed how much importance SMBs give to cyber security, how prepared they are to face potential cyber threats, and what are they planning to do in the future to keep their systems and data secure.
The survey revealed that an overwhelming majority of IT decision-makers and other C-level executives such as CEOs, CFOs, compliance officers, presidents, and heads of IT consider potential cyber threats as s top-of-mind concern, so much so that only 21 percent of IT decision-makers give more priority to other aspects of their business.
Experience of suffering actual attacks have made SMB bosses wary of potential cyber threats
A major reason why decision-makers at SMBs are concerned about potential cyber threats is that 64 percent of these organisations have reported facing actual cyber attacks and worryingly, 82 percent of all SMBs in the government sector have reported facing actual cyber attacks.
As many as 19 percent of SMBs have also expressed fears about their businesses not recovering or surviving in the aftermath of a successful cyber attack. SMBs with 150 to 250 employees are more concerned about the disastrous after-effects of a cyber attack compared to those that hire fewer people.
SMBs across all sectors, especially those in education, finance, government, technology, and insurance sectors also told AppRiver that their business is vulnerable to "imminent" cyber attacks and the percentage of businesses who think so has increased from 40% in Q2 this year to 47% in Q3.
Phishing was the most common form of cyber attacks targeting SMBs, with such campaigns targeting 78% of real estate firms, 82% of government organisations, 79% of media and marketing agencies, and 77% of technology companies. 49% of C-level executives and IT decision-makers at SMBs admitted that they were themselves victims of phishing attacks.
Considering the increasing awareness and concern about potential cyber threats that could wreck businesses, 58% of all SMBs said they have made improvements in their business’s cyber preparedness in the past year and are therefore in better shape in fighting off potential cyber attacks.
AppRiver found that 68 percent of SMBs in the technology sector and 47 percent in the hospitality sector made improvements in the past year to their cyber preparedness and as a result, these organisations feel more confident to face potential attacks.
SMBs harbouring a false sense of security and underestimating the real cost of a cyber attack
Despite some improvements that have been made on the cyber security front, AppRiver found several factors that still make SMBs highly vulnerable to potential cyber threats. A false sense of security and an underestimation of the real costs of recovering from a successful cyber attack are perhaps the most alarming.
While 51 percent of SMB executives and IT decision-makers said that a successful attack or data breach would cost their business less than $25,000 and 35 percent said the costs would not exceed $10,000 in damages, research and real-life examples have demonstrated that the average incident cost SMBs approximately $120,000 and the amount rose by $32,000 since then.
Even though a comfortable majority of SMBs said they have made improvements in their preparedness, AppRiver's survey revealed that just 38 percent of SMBs applied security patches immediately, 32 percent took a week’s time to implement a security fix, and the remaining 30 percent took longer than a week to implement patches.
"Nearly two decades of constant fear-based messages have taken their toll on smaller SMBs. Fatalism and a false sense of security are signs that they need more straightforward education and awareness," said Geoff Bibby, vice president of Marketing at AppRiver.
"The threats are very real and the stakes are incredibly high, but there are simple ways to make startups and early-stage companies much harder targets," he added.
"SMBs should specifically consider strengthening the security of their email, a common vector for digital attacks. They can do this by investing in a solution that analyzes incoming email messages based upon their URLs, campaign patterns and other indicators. This solution should work in real-time while allowing legitimate correspondence to get through," the firm said.