Did You Know That 30% of SMEs Lack an Incident Response Plan?
With the number of cyber-attacks reaching well above tens of millions on a daily basis, cyber security should be at the top of mind for nearly every modern business.
However, a new report released by Experian shows that this simply is not the case, especially when it comes to small and medium enterprises.
But why are these businesses in particular so slow to adopt best practices when it comes to dealing with the rising cyber threat? What makes their situation in particular so dangerous in the world of cyber-attacks?
And most importantly, how can small businesses shift their focus to make their survival in the digital world all the more likely?
The “Not A Target” Mentality
Before getting into how SMEs can put up a fight when it comes to cyber security, it’s important to realize just why these businesses are so at risk today.
And the “not a target” mentality is definitely one of the main contributors here.
The Experian report showed that among the respondents surveyed, 51% didn’t think creating an incident response plan should be a priority. What’s more, 39% thought their company wasn’t at risk of an attack.
This, however, is dead wrong. Market Inspector found that 74% of SMEs have experienced at least some kind of cyber-attack.
What’s more, nearly half of all cyber-attacks end up targeting SMEs specifically for a variety of reasons:
- They’re more likely to pay ransoms
- Their defenses are generally easier to circumvent
- They likely do not have the kind of sophisticated logging technology required to hunt down a cyber-attacker
As such, small businesses are actually becoming the target of choice for many cyber-terrorists today and overcoming the “not a target” mentality is the first step in dealing with cyber-security proactively and realistically.
The Great Resource Divide
Another major factor in the particular vulnerability of small businesses is the fact that these enterprises are often much tighter on resources than larger companies. As such, they often lack the funds necessary to devote specifically to cyber security.
In fact, the Experian report found that 20% of the surveyed companies simply didn’t have the budget to create an incident response plan.
Even when such systems are in place, an insufficient budget is increasingly becoming a major concern for many businesses. One survey conducted by Netwrix found that 54% of respondents cited a lack of proper funding to bring their defenses up to an acceptable level.
What’s more, the relative financial impact of a data breach can be much more significant for a small business than for a larger one. One study actually found that a whopping 60% of small companies end up closing shop within half a year of a cyber-attack.
As with most things then, money plays a pretty big role in why small businesses tend not to be prepared for when a cyber-attack hits.
The Lack of Cyber Security Talent
Another major player in why small businesses are disproportionately targeted by cyber-terrorists is that their defenses are usually not nearly as sophisticated as those of larger companies. One of the main contributors to that fact is that cyber-security professionals are in such high demand today.
To put things into perspective, there was a 0% unemployment rate among cyber-security professionals in 2016 along with about 1 million unfilled positions. What’s more, this number is estimated to rise to an alarming 3.5 million job openings in cyber security in 2021.
As the need for cyber security professionals rises faster than the supply, the cost of employing these professionals grows ever higher. And for many small businesses, the funds required to hire a cyber security specialist may need to be funneled into other areas of the business simply to keep it afloat.
As such, small businesses are at a significant disadvantage in that they typically won’t have the resources necessary to attract the right kind of cyber-security talent.
Underestimating the Threat
Many small business owners are also misinformed about just how disastrous a data breach can end up being for a company.
The average cost of a data breach comes out to around $411,000 for small businesses. However, many small business owners think that this cost is actually far less – around $170,000 less to be more exact.
This aspect is critical for small businesses today to understand. What’s more, it’s also crucial to realize that implementing cyber security defenses like creating incident response plans and playbooks is far more cost effective than waiting for disaster to strike and dealing with the fallout.
There are also a number of relatively simple actions that nearly any small business can take in order to help reduce the likelihood of an attack as well as the damage that occurs as a result.
For instance, regularly updating software can be an absolute game changer as doing so helps patch up critical security vulnerabilities. Varying up your login credentials among different systems is another important (and simple) preventative measure that can make a hacker’s job even harder. And finally, educating your employees on how to spot a phishing attempt can save you a lot of trouble down the road.
For more tips on how to give your small business a cyber security boost, have a look the suggestions provided by the Federal Communications Commission.
Cyber Security & Small Businesses: A Growing Threat
The digital landscape is unforgiving for small businesses today. The fact that more of these companies are being targeted by cyber-terrorists goes to show that there are a number of inherent vulnerabilities that small business owners face and larger companies do not.
And while the dangers might be more substantial for small businesses, there are a number of techniques nearly any business can employ to help reduce the likelihood of a breach.
But most of all, simply recognizing the fact that any and every business is at risk in an increasingly hostile digital world is the first step on the road to a more secure business.