It’s true that we only hear about cybersecurity issues when they’re happening to big companies—like when Colonial Pipeline was hacked in May making both the national and local newspapers, and when a hacker recently stole more than 50 million customer records from T-Mobile. It’s big news that attracts readers and viewers. Small businesses don’t make the headlines because it doesn’t sell newspapers or keep viewers watching, so we’re left believing that only the big guys are the ones under attack.
It’s an extremely dangerous misconception that leads to most small business owners still believe that ransomware, data breaches, phishing, and other cyber threats are not something they need to worry about. But there are tons of statistics that confirm the opposite is true, and they paint an alarmingly clear picture that shows small businesses are low-hanging fruit that’s ripe for picking.
Small Businesses Are Making Themselves Easy Targets
It’s not difficult to understand why cybercriminals are motivated to attack large organizations. They store massive quantities of sensitive data, and a single minute of downtime can cost them tens of thousands of dollars. This makes them more likely to pay a large ransom just to resume normal operations. Or worse, an even bigger ransom to avoid a data breach, which could cause catastrophic losses to be both market reputation and trust.
So if that’s the case, then why is it then that 43% of cyberattacks target small businesses, as revealed by the 2019 Data Breach Investigations Report (DBIR)? On top of that, why do, according to Symantec, smaller companies have the highest targeted malicious email (phishing) rate?
The answer is painfully simple: small businesses are easy targets because they don’t realize how much they’re at risk, and they don’t take the necessary steps to address it.
The Q3 2021 CNBC | Momentive Small Business Survey reveals that 56% of small business owners are not concerned about being the target of cybercriminal activity in the next 12 months, with 59% being confident that they can quickly resolve any cyberattack.
However, their confidence doesn’t have a solid foundation because the same survey also reveals that only 28% of small businesses have a plan in place for response in the event of a cyberattack, and 42% have no plan at all.
So many small businesses neglect basic cybersecurity protection and are falsely optimistic about their ability to recover from a cyberattack because they don’t believe that companies of their size experience cyberattacks in the first place. When Keeper Security surveyed 500 senior decision-makers at various small businesses, the company discovered that 66% of them consider a cyberattack to be an unlikely issue for their business. By not giving cybersecurity the priority it deserves, small businesses are making themselves easy targets for cybercriminals.
Cybercriminals Are Exploiting COVID-19
There was a massive uptick of cybercrime in the first half of 2020. Organizations that neglected basic cybersecurity practices prior to the pandemic were in a terrible position to securely transition to remote work. In fact, around 20% of the 200 managers, directors, and C-suite executives in IT and cybersecurity roles at companies across the US surveyed by Malwarebytes for its cybersecurity report admitted that they faced a security breach as a result of a remote worker.
The arrival of remote work has not only given cybercriminals more poorly protected endpoints to target, such as employee laptops and mobile devices, but it has also increased the cost of data breaches. In fact, 2021 had the highest average cost in 17 years, according to IBM’s Cost of a Data Breach Report 2021.
That’s really bad news for small businesses, especially those that still don’t realize they’re now the top target of cybercriminal activity. Unlike large organizations, small businesses seldom have the financial resources to bounce back after a costly data breach and the expenses associated with it (such as regulatory compliance, attorneys’ fees, and loss of established business relationships). This means that the result for a small business as opposed to a large enterprise company can be not only costly, but catastrophic.
It’s Time to Take Cybersecurity Seriously
All small businesses that haven’t yet found themselves on the receiving end of a successful cyberattack should consider themselves lucky and realize their luck won’t last forever. It’s a shift in mindset that is just as unwelcomed as it is painful, and we understand that even the most objective and forward-thinking small businesses struggle with owning their part in lessening risk.
We’re here to help you overcome all cybersecurity challenges by offering the power and security of a full-scale IT department for less than a single salary. Reach out and let us help you avoid becoming the next cybersecurity victim.