SMEs Risk Costs Of Up To $2.5m Following A Breach

No matter the size, every entity is now at risk of cyber-attacks, whether through supply chain security lapses, phishing campaigns, or via insider attacks and weaknesses in their own networks.

However, small and mid-market companies have become a lucrative and attractive prospect for cybercriminals. These organisations will often have smaller cybersecurity budgets and may not be able to afford or have hired a chief security officer (CSO) or in-house security team able to take on rapid response duties.

We hear that security is only as strong as the weakest link. It is often employees which fill this niche, but in the overall threat landscape, SMBs can also become a springboard for attacks on larger enterprise companies. According to Cisco's SMB Cybersecurity Report, released on Wednesday 26th September, 53 percent of midmarket companies have experienced a data breach.

Recovering from these attacks can be both damaging and costly. It is not only damage to networks which must be repaired, third-party cyber-forensics teams are often hired, regulators may have to be notified and fines may be imposed, staff training may have to take place, and the victim organization may also pay in terms of their reputation and future business prospects.
The report, which includes 1816 survey respondents across 26 countries and also draws upon results from Cisco's 2018 Security Capabilities Benchmark Study, suggests that 29 percent of SMBs will pay under $100,000 after a data breach. 
However, 20 percent say that the same incident will cost them between $1,000,000 and $2,499,999 to resolve.

In total, 40 percent of SMBs will experience an average of eight hours or more in system downtime due to a data breach; a similar time frame to large enterprise players.

"The difference, though, is that larger organizations tend to be more resilient than small/midmarket businesses following an attack because they have more resources for response and recovery," Cisco notes.

The core systems of SMBs are more likely to be interconnected and tightly woven together as smaller firms do not necessarily need multiple systems spread over different locations. This may cost less to maintain, but when it comes to damage caused by a cyberattack, this is no advantage. 39 percent of respondents said that at least half of their systems have been impacted by a severe data breach in the last year.

When asked about the biggest security challenges they face, small and medium-sized businesses reported targeted attacks such as spear phishing campaigns, advanced persistent threats (APTs), ransomware infections, and Distributed Denial-of-Service (DDoS) attacks as the most concerning prospects.

However, organisations should not ignore the threat of insider attacks. A recent investigation by the tech giant suggests that 0.5 percent of employees conduct suspicious activities while on duty. This does not seem high, but this does translate to at least two employees at a company 400-strong which could undermine entire security structures and defenses with the click of a button.

In response to such threats, many SMEs are turning to cloud solutions to bolster their security. In 2014, roughly half of small to mid-sized businesses said they utilized cloud services; this figure is now closer to 70 percent and adoption is still on the rise.

"Incremental change is better than no change," Cisco says. "In short, they should not let a desire to be "perfect" in their security approach get in the way of becoming "better." Perfect, as in all things, does not exist."

"Small/midmarket businesses also must understand that there is no "silver bullet" technology solution to solve all of their cybersecurity challenges," the company added. "The threat landscape is too complex and dynamic. The attack surface is always expanding and changing. And, in response, security technologies and strategies must continually evolve as well."

ZDNet

You Might Also Read: 

What Every Small Business Should Know About Hackers & Cybersecurity:

 

 

« UK Newspaper Industry Demands Levy On Tech Firms
Machine Learning Algorithms & Police Decision-Making »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

Performanta

Performanta

Performanta offer a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk.

Xcitium

Xcitium

Xcitium (formerly Comodo) is and industry leading provider of state-of-the-art endpoint protection solutions. Our Zero threat platform isolates and removes all ransomware & malware infectictions.

Seceon

Seceon

Seceon OTM, is a cyber security advanced threat management platform that visualizes, detects, and eliminates threats in real time.

Netmarks Indonesia (NMID)

Netmarks Indonesia (NMID)

Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

Network Integrated Business Solutions (NIBS)

Network Integrated Business Solutions (NIBS)

NIBS is an IT services provider offering a range of services with the aim of simplifying and securing technology.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

Censys

Censys

Our customers rely on Censys data to get the global visibility they need of their attack surfaces in order to proactively prevent nation-state attacks and emerging threats.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.