The State of SMB Cyber Security
Gone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.
With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.
Here are 4 key findings from research conducted by Microsoft:
01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness
The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.
However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.
90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked
02 Small and medium-sized businesses are just as likely to be attacked as large corporations
For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity, and 21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.
03 Employees can be a business’s biggest protection and also their biggest threat
As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.
Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or sharing sensitive information, whether maliciously or accidentally.
Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.
04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them
Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.
Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant impact on your company’s overall security profile. The key is to match security to your business needs and your budget.
To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.