Cybercriminals are gunning for businesses of every size. In today’s booming dark web markets, the data that your business holds, including user records, financial information and identity documents, is a powerful lure for bad actors who want to make a quick buck and reuse it to facilitate even more cybercrime. But today’s risk atmosphere is especially dangerous for small and medium businesses (SMB). A record-breaking overall cybercrime rate combined with skyrocketing incident recovery costs and the challenges of securing a dynamic workforce have formed a perfect storm of risk. These SMB cybersecurity statistics illustrate just how dangerous this storm can be – and how you can protect your business effectively without breaking the bank.
Major SMB Cybersecurity Challenges
For companies with a small staff, one insider threat is a major risk. The majority of insider threats are non-malicious, accidental flubs that can’t be helped. But unfortunately, not everyone on your team really has your best interests at heart. Altogether, insider threat data breach risk rose about 40% in 2020, tripling in the last three years – and malicious insider actions are responsible for almost 25% of confirmed breaches. This can hit SMBs disproportionately hard. With fewer hands on board, more people have a larger scope of work, and that means that more people have access to sensitive data and systems. Those outsize risks come with equally outsize consequences. According to IBM and the Ponemon Institute’s The Cost of Insider Threats Global Report 2020, the average cost of an insider threat to small organizations (500 employees or fewer) was $7.68 million.
Ransomware is the monster under the bed for cybersecurity teams. A favored tool of cybercriminals, ransomware is employed by nation-state threat actors as well as small-time gangs. This versatile weapon can be used to disrupt infrastructure, as we recently saw with Colonial Pipeline, as well as to stop factory production, encrypt systems and steal data. An estimated 61% of organizations worldwide experienced a damaging ransomware incident in 2020, a 20% increase over the same period in 2019. A successful ransomware attack is inevitably an expensive, disruptive disaster, and the pace is not slowing down. Ransomware attacks in 2021 are already up more than 300% over the same period last year, beating 2020’s record-setting pace.
Most of today’s nastiest cybersecurity incidents start with a phishing email. In fact, 90% of incidents that end in a data breach start with a phishing email. A huge increase in the volume of email trafficked since March 2020 has created a wealth of opportunity for cybercriminals to perpetrate phishing schemes, and they haven’t been idle. Phishing attacks can quickly turn into dangerous and expensive disasters like business email compromise (BEC), brand impersonation, credential compromise, ransomware and other malware. While many companies do engage in phishing resistance training, they often fail to refresh it frequently enough. Experts recommend that employees take 11 courses per year for maximum efficacy. Haphazard training often reflects a poor cybersecurity culture that enables bad behavior like sloppy email hygiene by employees. In a 2020 survey of 1,000 employees, a disturbing fact stands out: 96% of employees are aware of digital threats like phishing, but 45% click emails they consider to be suspicious anyway.
10 SMB Cybersecurity Statistics That Every Business Needs to Know
In a rapidly evolving threat landscape, it’s important to keep a few facts in mind when considering the best solutions to secure business systems and data. Here are 10 SMB cybersecurity statistics that every business needs to know.
- Two in five SMBs were impacted by ransomware in 2020.
- Business email compromise rose by 14% overall in 2020 and up to 80% in some sectors.
- 34% of data breaches involved internal actors.
- 60% of the information available on the Dark Web could potentially harm enterprises.
- Supply chain attacks have increased by 78%.
- The most common type of BEC scam is invoice or payment fraud.
- 41% of respondents in a survey of business owners had a cybersecurity mishap related to COVID-19.
- 47% of businesses reported experiencing five or more attacks in 2020.
- An estimated two-thirds of breaches are a result of supplier or third-party vulnerabilities.
- More than 60% of employees use the same password across multiple work and home applications.
As is clearly illustrated by our 10 SMB cybersecurity statistics above, today’s SMBs are facing new threats around every corner. Creating a healthy cybersecurity culture is essential for defending businesses from cybercrime. By making cybersecurity a priority and training everyone to recognize threats, you’re making every employee feel like they’re part of the security team too. This is especially important in a tumultuous threat landscape. In the last 12 months, the epic changes that businesses have faced serve as a strong illustration of why building a strong cybersecurity culture staffed by security-savvy employees can be a game-changer for SMBs in every sector. Maintaining agility, building cyber resilience and empowering staffers to pivot quickly in the face of new challenges should be every organization’s goal in 2021.
At the center of building that culture is phishing resistance training. The majority of today’s nastiest, most devastating cybercrimes are phishing-based. Getting your employees on board to fight back strengthens an organization’s cyber resilience dramatically. If just one employee spots and stops a phishing email because they’re invested in maintaining a strong defense, that can save a company millions of dollars as well as uncountable headaches in recovering from a cyberattack.
Secure identity and access management is also crucial for keeping systems and data safe. By adopting an access control solution that includes multifactor authentication (MFA), businesses can add strong protection against intrusion by hackers and credential thieves. An estimated 99% of password-based cybercrime can be stopped in its tracks just by adding MFA to your security plan. The other half of guarding against credential compromise is making sure that unpleasant password-based cybercrimes aren’t heading your way from the Dark Web. Using a real-time, always-on monitoring solution is a smart way to keep an eye on potential new dangers.
Now that you’ve reviewed some essential cybersecurity statistics, let us help you gain an edge against sophisticated cybercrime and strengthen your overall security by contacting us at 888.782.7003 or by emailing firstname.lastname@example.org today! To learn more, schedule a 15-minute consultation with one of our Senior IT Consultants so we can answer any questions you may have!
– ID Agent