For the third consecutive year, small and medium-sized businesses (SMBs) with a workforce between 100 and 1,000 employees have reported a significant increase in targeted cyber security breaches. A global survey conducted by the Ponemon Institute found that attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication. Of greater concern is that nearly half of the survey’s respondents described their organization's IT security posture as ineffective and 1-in-3 reported their organizations lack an incident response plan.
The SMB cyber survey results underscore growing cyber security concerns dating back to 2016. The survey, commissioned by Keeper Security, measured responses from 2,391 IT and IT security practitioners in the U.S., U.K., DACH (Austria, Germany & Switzerland), Benelux (Belgium, Netherlands & Luxembourg), and Scandinavia (Denmark, Norway & Sweden).
“Cybercriminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “Cyberattacks are a global phenomenon and so is the lack of awareness and preparedness by businesses globally. Every organization, no matter where they are, no matter their size, must make cybersecurity a top priority.”
See Related: Quantifying The Enterprise Cost Of A Cyber Security Data Breach
Attack Sophistication And Data Loss Increasing Since 2016
Overall, three-quarters of U.S. companies were attacked in the last year, up from 55% in 2016. This compares with two-thirds of global respondents reporting attacks in the past year. These attacks are also more sophisticated. Phishing, compromised or stolen devices, and credential theft were among the most common attacks against SMBs globally. Nearly two-thirds of organizations reported an incident involving the loss of sensitive customer and employee data in the past year (69% in the U.S.; an increase from 50% in 2016).
Cyber-attacks are increasing in sophistication, severity of privacy and financial impact, and the targeted nature of key personnel. The Ponemon study suggests that the gaps are widening despite greater industry awareness and frequent media reports of data breaches. No target is too small for cybercriminals and it's not enough to simply be aware of the cyber threats that exist.
Emerging Technologies Bring New Cyber Security Risks
SMBs are globally adopting emerging technologies including endpoints (such as mobile devices, cloud and IoT) and new authentications methods (such as biometrics) despite having confidence in their current ability to protect sensitive information. Nearly half (49%) of respondents said the use of mobile devices to access business-critical applications diminishes their organization's security posture.
In addition, the majority of respondents (80%) think it's likely that a security incident related to unsecured IoT devices could be catastrophic, yet only 21% monitor the risk of IoT devices in the workplace. The study also suggested that biometrics is prevalent in SMBs with three-quarters currently deploying or planning soon for identity and authentication verification services.
See Related: Implementing Strong Authentication Does Not Guarantee An Excellent User Experience
United States Highlights
- 82% of U.S. respondents reported experiencing a cyber-attack in their organization's lifetime, which is higher than any other region in the study
- S. businesses are more confident in their in-house security expertise than any other region
- Nearly 9 in 10 (88%) U.S. respondents indicated they spend less than 20% of their overall IT budget on security
- S. businesses are nearly twice as likely to be the victim of a cyber-attack due to a company insider (77%) versus an external hacker (40%)
See Related: Cyber Security Mid-Year Snapshot 2019