SMEs Risk Costs Of Up To $2.5m Following A Breach

No matter the size, every entity is now at risk of cyber-attacks, whether through supply chain security lapses, phishing campaigns, or via insider attacks and weaknesses in their own networks.

However, small and mid-market companies have become a lucrative and attractive prospect for cybercriminals. These organisations will often have smaller cybersecurity budgets and may not be able to afford or have hired a chief security officer (CSO) or in-house security team able to take on rapid response duties.

We hear that security is only as strong as the weakest link. It is often employees which fill this niche, but in the overall threat landscape, SMBs can also become a springboard for attacks on larger enterprise companies. According to Cisco's SMB Cybersecurity Report, released on Wednesday 26th September, 53 percent of midmarket companies have experienced a data breach.

Recovering from these attacks can be both damaging and costly. It is not only damage to networks which must be repaired, third-party cyber-forensics teams are often hired, regulators may have to be notified and fines may be imposed, staff training may have to take place, and the victim organization may also pay in terms of their reputation and future business prospects.
The report, which includes 1816 survey respondents across 26 countries and also draws upon results from Cisco's 2018 Security Capabilities Benchmark Study, suggests that 29 percent of SMBs will pay under $100,000 after a data breach. 
However, 20 percent say that the same incident will cost them between $1,000,000 and $2,499,999 to resolve.

In total, 40 percent of SMBs will experience an average of eight hours or more in system downtime due to a data breach; a similar time frame to large enterprise players.

"The difference, though, is that larger organizations tend to be more resilient than small/midmarket businesses following an attack because they have more resources for response and recovery," Cisco notes.

The core systems of SMBs are more likely to be interconnected and tightly woven together as smaller firms do not necessarily need multiple systems spread over different locations. This may cost less to maintain, but when it comes to damage caused by a cyberattack, this is no advantage. 39 percent of respondents said that at least half of their systems have been impacted by a severe data breach in the last year.

When asked about the biggest security challenges they face, small and medium-sized businesses reported targeted attacks such as spear phishing campaigns, advanced persistent threats (APTs), ransomware infections, and Distributed Denial-of-Service (DDoS) attacks as the most concerning prospects.

However, organisations should not ignore the threat of insider attacks. A recent investigation by the tech giant suggests that 0.5 percent of employees conduct suspicious activities while on duty. This does not seem high, but this does translate to at least two employees at a company 400-strong which could undermine entire security structures and defenses with the click of a button.

In response to such threats, many SMEs are turning to cloud solutions to bolster their security. In 2014, roughly half of small to mid-sized businesses said they utilized cloud services; this figure is now closer to 70 percent and adoption is still on the rise.

"Incremental change is better than no change," Cisco says. "In short, they should not let a desire to be "perfect" in their security approach get in the way of becoming "better." Perfect, as in all things, does not exist."

"Small/midmarket businesses also must understand that there is no "silver bullet" technology solution to solve all of their cybersecurity challenges," the company added. "The threat landscape is too complex and dynamic. The attack surface is always expanding and changing. And, in response, security technologies and strategies must continually evolve as well."

ZDNet

You Might Also Read: 

What Every Small Business Should Know About Hackers & Cybersecurity:

 

 

« UK Newspaper Industry Demands Levy On Tech Firms
Machine Learning Algorithms & Police Decision-Making »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

SentinelOne

SentinelOne

SentinelOne is a pioneer in delivering autonomous security for the endpoint, datacenter and cloud environments to help organizations secure their assets with speed and simplicity.

Sepior

Sepior

Our vision is to make Sepior the leading provider of cloud-encryption software in the world.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Corsa Security

Corsa Security

Corsa Security is leading the transformation of network security with a private cloud approach that helps scale network security services with unwavering performance and flexibility.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

Casque SNR

Casque SNR

CASQUE SNR is the next generation of Identity Assurance that has potential to supersede existing solutions. It provides Identity Assurance for both people and things.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

riskmethods

riskmethods

riskmethods helps you proactively identify, assess and mitigate supply chain risk. You need to master supply chain risk management—we can help.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

ThreatLocker

ThreatLocker

The ThreatLocker Platform provides a Zero Trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.

Auxilion

Auxilion

Auxilion is an award-winning provider of consulting and IT support services, technologies and consulting for public and private organisations in the UK and Ireland.

Bell Canada

Bell Canada

Bell is the leading provider of network and communications services for Canadian businesses and the partner for delivering network, IoT, cloud, voice, collaboration and security solutions.