There is a perception gap about how vulnerable small businesses are when it comes cyberattacks. The cybersecurity statistics from the 2019 SMB Cyberthreat Study from Keeper Security leaves no doubt of this fact.
In the report, 66% of decision-makers say they are not very or at all likely to experience a cyberattack. That is good and well, but a Ponemon Institute and Keeper Security survey revealed 67% of businesses were attacked in the last year.
More than the same amount of people who don’t think they will be attacked are attacked. So, where does this misconception of threat vulnerability come from? According to Darren Guccione, CEO, and co-founder of Keeper Security, this is a crisis.
In the press release for the report, Guccione adds the vulnerability businesses face won’t get better until cybersecurity becomes a priority. He goes on to say, “Our Cyberthreat Study findings show that many companies don’t know where to start with cybersecurity prevention and even more don’t think they will fall victim to an attack, but it’s time they dramatically change their perspectives and put a plan in place.”
In the report, Keeper points out the top six things the company learned from the survey.
Topping the findings, businesses don’t have cybersecurity on the to-do list. To this day, most of the respondents or 60% say they don’t have a cyberattack prevention plan.
Even more distressing, only 9% rank the issue of cybersecurity as a top business priority. And the findings don’t get better, because, double this amount or, 18% rank cybersecurity as their lowest priority.
If you think this lack of awareness is only prevalent in the rank and file of a business, it isn’t. When it comes to CEOs, corporate chairs and owners, only 7% of them say a cyberattack is very likely. And close to half or 43% say a cyberattack is not at all likely. Keeper says this is higher than any other management group surveyed.
The other findings are:
- Leaders underestimate cyber risks and think they have better things to do.
- The problem starts at the beginning. This means businesses don’t know where to start. Twenty-five percent say they don’t even know where to start with cybersecurity.
- Misconceptions about vulnerabilities are real. Respondents in the survey say I’m too small, too new, too unappealing to be targeted.
- There is a lot of confusion about the job of cybersecurity. Thirty-three percent believe company leadership is responsible for cybersecurity.
- Passwords policies and sentiment are improving. Sixty-nine percent associate passwords with security, they think it is the first line of defense against an attack.
Password Security is a Strategic Prevention Plan
Passwords are ubiquitous, but not everyone is fully aware of the role it plays in cybersecurity. Keeper says 81% of breaches are caused by a weak or stolen password. Therefore, a strong password policy with robust governance can help prevent breaches.
However, there is a disconnect when it comes to understanding the importance and value of having a strong password policy.
The good news is more businesses are implementing policies. In the survey, 75% of the businesses have policies for updating passwords regularly.
Small Businesses and the Cyber Threat
The lack of awareness and threat is especially high for small businesses, as 43% of cyberattacks target them. And when they are attacked, up to 60% of small companies go out of business within six months.
So, it is not an exaggeration to say the impact can be catastrophic for small business owners. If you are a small business owner in today’s digital ecosystem, you must make cybersecurity a priority.
The cybersecurity statistics in the Keeper Security survey points just how unprepared businesses are for cyberattacks.
A very telling fact in the survey is 70% of businesses operating for 10 or more years believe a cyberattack is not very likely or not likely. But you don’t have to be part of this 70%. Whether you’ve been in business for 10 years or 10 days, cybersecurity must be one of your top priorities.
With so much information about the subject, there is no reason you should be in the dark about the threats your business faces.
More in: Cybersecurity
This can mean two things: they are just optimistic or they are protected and ready. Often, they are just optimistic.