Why your small business should invest in cyber security.

Introduction:

Cyber security is not only critically important for big companies, but many cyber experts believe small and locally owned businesses are also at a higher risk than ever.  Nationwide Insurance recently conducted a study that sampled over 1000 small business owners in the United States. Over 75% of small business owners said they believe they are unlikely to be the victim of a cyber attack. Some 41% stated they believed the majority of cyber attacks happen to large companies. This attitude is a big risk for small businesses as the same study concluded that over 1 in 3 small businesses have been the victim of a cyber attack without even knowing. Only 13% of surveyed businesses admitted to being victims of cyberattacks.

What the statistics show:

According to a report by the Ponemon Institute, 61 percent of small businesses in the U.S. suffered some kind of cyberattack in 2017. This figure reflects a more than 50% year-over-year increase in cybersecurity attacks against U.S. small businesses. Small businesses need cybersecurity for many reasons—privacy, customer trust, financial integrity, employee integrity, data integrity, and the longevity of the business.

Why Small Businesses are Hacking Targets:

It is no secret that small businesses are small fish to hackers. While it is far more opportunistic for a hacker to target a billion-dollar company than a locally owned business, unfortunately, small businesses are much easier to attack. Billion-dollar companies have more resources to defend against hackers than much smaller companies. They generally employ a team of experienced professionals whose only job is to protect the company's technology and make it work.

In short, small businesses often see dedicated IT professionals as a luxury rather than a necessity. Often, these positions are filled by tech-savvy employees who have dual responsibilities, such as in management, sales, and marketing. Plus, multi-billion dollar companies can afford reputational damage. Even after a ransomware attack, billion-dollar companies seldom go bankrupt. However, reality is that over half of small businesses hit by ransomware attacks go out of business within 6 months. Ransomware attacks costing small companies money is just the beginning; the damage to their reputation costs much more. Many customers will stop doing business with a local company who compromises their financial and private information. The real question a small business owner should consider is "Can I afford not to invest in my business's cyber security?"

Additional statistics: (courtesy of cybersecurity-magazine.com)

1. 43% of all data breaches involve small and medium-sized businesses.
2. If you’re still in denial about the chances of your small business becoming a victim, 61% of all SMBs have reported at least one cyber attack during the previous year.
3. A benchmark study by CISCO found that 40% of the small businesses that faced a severe cyber attack experienced at least eight hours of downtime. And this downtime accounts for a major portion of the overall cost of a security breach.
4. The above-mentioned CISCO study also found that ransomware was not among the top three cyber threats identified by small businesses. Business owners may be underestimating the threat of ransomware, however, MSPs are not. 85% of MSPs consider ransomware one of the biggest threats to their SMB clients.
5. 30% of small businesses consider phishing attacks to be the biggest cyber threat.
6. 83% of small and medium-sized businesses are not financially prepared to recover from a cyber attack.
7. Despite the staggering numbers, 91% of small businesses haven’t purchased cyber liability insurance. This truly reflects how unaware and unprepared small business owners are to deal with security breaches.
8. Only 14% of small businesses consider their cyber attack and risk mitigation ability as highly effective.
9. 43% SMBs do not have any cybersecurity plan in place.
10. One in five small companies does not use endpoint security, and 52% SMBs do not have any IT security experts in-house.

Closing remarks:

If you have read this article, you are already considering steps to avoid cyberattacks, but there are many other serious threats out there. Red Sea Information Security offers services in Penetration Testing, Auditing, Network Assessment, and Generalized Information Technology support which includes Security Awareness Training to prepare and be proactive against cyberattacks.