SMB cyberattacks on the increase

66% of SMBs globally reported a cyberattack within the past 12 months.

  • Thursday, 10th October 2019 Posted 5 years ago in by Phil Alsop

For the third consecutive year, small and medium-sized businesses (SMBs) have reported a significant increase in targeted cybersecurity breaches. A newly released global survey conducted by the Ponemon Institute, a world-renowned independent research organisation, found that attacks against U.S., U.K. and European businesses are growing in both frequency and sophistication. Further, nearly half (45%) of the 2,000 respondents described their organisation’s IT posture as ineffective, with 39% reporting they have no incident response plan in place. 

The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report underscores growing cybersecurity concerns best illustrated through the year-over-year trends dating back to 2016. The survey, commissioned by Keeper Security, measured responses from 2,391 IT and IT security practitioners in the U.S., U.K., DACH, Benelux, and Scandinavian. 

“Cybercriminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs," said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. "The 2019 Global State of Cybersecurity in SMBs” report demonstrates cyberattacks are a global phenomenon- and so is the lack of awareness and preparedness by businesses globally. Every organisation, no matter where they are, no matter their size, must make cybersecurity a top priority.”  

Significant 2019 Findings: 

  • Overall, attacks are increasing dramatically – 65% of U.K. companies were attacked within the last 12 months, up from 59% in 2017. Globally, 66% of respondents reported attacks in the same timeframe. 
  • Attacks that rely on deception are rising – Overall, attacks are becoming more sophisticated, with phishing (57%), compromised or stolen devices (33%) and credential theft (30%) among the most common attacks waged against SMBs globally. 
  • Data loss among the most common impact – Globally, 63% of businesses reported an incident involving the loss of sensitive information about customers and employees in the past year. That number is 66% in the U.K. – an increase from 51% in 2017. 

“More businesses are experiencing highly-targeted, sophisticated and severe cyberattacks than ever before, yet the results of our study show they aren’t doing enough to close the gap,” said Darren Guccione, CEO, and co-founder of Keeper Security. “We sponsor this annual research with Ponemon because we want SMBs to understand that no target is too small for cybercriminals and it’s not enough to simply be aware of the cyberthreats that exist. It’s absolutely critical that these businesses take the next step toward cybersecurity preparedness and get a strong prevention strategy in place.” 

New Technologies, New Cybersecurity Risks 

SMBs globally are adopting emerging technologies like mobile devices, IoT and biometrics despite a lack of confidence in their ability to protect their sensitive information. Nearly half (48%) of respondents access more than 50% of their business-critical applications from mobile devices, yet virtually the same portion of respondents (49%) said the use of mobile devices to access business-critical applications diminishes their organisation’s security posture.  

In addition, a large majority of respondents (80%) think it’s likely that a security incident related to unsecured IoT devices could be catastrophic, yet only 21% monitor the risk of IoT devices in the workplace. The study also suggests biometrics may be becoming mainstream; three-quarters of SMBs currently use biometrics to identify and authenticate or have plans to do so soon.