More than 50% of the 600 small and mid-sized businesses (SMBs) in North America recently surveyed by the Ponemon Institute have been breached in the last 12 months, according to the institute.

Only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective. Confidence in SMB cybersecurity posture is so low mainly because personnel, budget and technologies aren't sufficient, says the report, which was sponsored by Keeper Security. In addition, IT security priority determination is not centralized to one specific function in a company, therefore reducing accountability and resulting in less-informed decision making.

The most common attacks against smaller businesses are Web-based and involve phishing and social engineering breaches, the study says. Widely adopted technologies such as anti-virus are still useful, but they can not be depended on to protect against exploits and cyber attacks. Three out of four SMBs reported that exploits have evaded their anti-virus solutions.

The study found that SMBs have a major lack of control and visibility when it comes to employee password security. Strong passwords and biometrics are thought to be an essential part of a security defense. But 59% of respondents say they have no visibility into employees' password practices and hygiene and 65% do not strictly enforce their documented password policies.

"We've conducted many surveys on enterprise cybersecurity in the past but this unique report on SMBs sheds light on the specific challenges this group faces," said Larry Ponemon, chairman and founder of the Ponemon Institute. "Considering the size of the SMB market in the United States alone, this information can be useful to diminish the risk of breach to millions of businesses."

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access