© 2019 SourceMedia. All rights reserved.

Majority of SMBs feel ill prepared to defend against cyber attacks

Small and mid-sized businesses increasingly face the same cyber security risks as larger companies, but only 28 percent rate their ability to mitigate threats, vulnerabilities, and attacks as “highly effective,” according to a study by the Ponemon Institute.

The report, sponsored by security company Keeper Security, is based on interviews with 1,045 IT and security practitioners from companies in the U.S. and U.K. in July 2018. Respondents represented companies with employees ranging from 100 to 1,000.

The number of attacks, including phishing, advanced malware/zero day, and ransomware is rising, with 67 percent of the companies experiencing a cyber attack and 58 percent experiencing a data breach in the last 12 months. Yet nearly half of respondents (47 percent) said they have no understanding of how to protect their companies against cyber attacks.

russian hacking.jpg
Red light illuminates the keys of a laptop computer at the Dreamhack digital festival in Moscow, Russia, on Saturday, Dec. 5, 2015. Dreamhack is the world's largest digital festival and meeting place for gamers, fans and e-sport enthusiasts. Photographer: Bloomberg/Bloomberg

As SMBs become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing. A majority of businesses surveyed (60 percent) cited a negligent employee or contractor as being the root cause for a breach, compared with 37 percent citing an external hacker.

About one third of respondents (32 percent) said their companies could not determine the root cause of a data breach they had experienced in the past 12 months.

Forty percent of respondents said their companies experienced an attack involving the compromise of employees’ passwords in the past year, with the average cost of each attack being $383,365.

For reprint and licensing requests for this article, click here.