According to the results of a recent survey of 598 IT and IT security practitioners at small and medium-sized companies (SMBs) with less than 1,000 employees, fully 50 percent of SMBs were breached in the past 12 months.
The survey, conducted by the Ponemon Institute and sponsored by Keeper Security, also found that breached companies spent an average of $879,582 due to damage or theft of IT assets, and disruption to normal operations cost an average of $955,429.
Just 14 percent of SMBs rate their ability to mitigate cyber attacks as highly effective. The reasons for those shortcomings, according to respondents, include insufficient personnel (67 percent), insufficient budget (54 percent), insufficient enabling security technologies (44 percent), and no understanding of how to protect against cyber attacks (39 percent).
Fully 65 percent of SMBs don’t strictly enforce their password policies, and 59 percent say they have no visibility into their employees’ password practices.
“As both frequency and size of data breaches increases, SMBs must face the reality that a material adverse financial impact on their business is a real possibility,” Keeper Security CEO and co-founder Darren Guccione said in a statement.
“An SMB does not require a significant IT budget to protect their business,” Guccione added. “Training employees and utilizing essential security technologies such as password management, firewalls and anti-malware are straightforward yet extremely effective ways for SMBs to mitigate cyber risk.”
A separate Barclaycard survey of 252 small businesses in the U.K. similarly found that 48 percent had been hit by at least one cyber attack in the past year, and 10 percent had been hit by more than four cyber attacks during the same time period.
Sixteen percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
Only 20 percent of respondents said they see cyber security as a top business priority, and 10 percent have never invested in improving the security of their website.
While 54 percent of respondents said they’re concerned they could be at risk from an attack, only 13 percent said they’re confident that they understand enough about cybercrime to protect their business, and just 15 percent said they’re very confident that they have adequate security measures in place.
“Businesses of all sizes face a constant and growing threat from cybercrime,” Barclaycard product director Paul Clarke said in a statement. “As our research shows, many small businesses are failing [to] take the necessary precautions, either because they don’t know how to protect themselves or, more worryingly, because they don’t think they need to.”
“Cybersecurity is not a one-off investment that can then be forgotten about, especially as criminals are becoming increasingly sophisticated in the way they target businesses,” Clarke added.
A recent eSecurity Planet article offered 10 tips on mitigating data breaches.