We are pleased to announce the release of a study focused on the cybersecurity threat to small and medium-sized companies (SMBs). Based on the findings, we conclude that no business is too small to evade a cyber attack or data breach. In fact, 55 percent of respondents say they experienced a cyber attack in the past 12 months and 50 percent of companies represented in this study had a data breach during the past year.
We surveyed 598 individuals in companies with a headcount from less than 100 to 1,000. According to participants in this research, SMBs face the following challenges.
• Prevalent attacks against smaller businesses are Web-based and phishing/social engineering.
• Negligent employees or contractors and third parties caused most data breaches. However, almost one-third of companies in this research could not determine the root cause.
• Current technologies cannot detect and block many cyber attacks. Most exploits have evaded intrusion detection systems and anti-virus solutions.
• Personnel, budget and technologies are insufficient to have a strong security posture. As a result, some companies engage managed security service providers to support an average of 34 percent of their IT security operations.
• Determination of IT security priorities is not centralized. The two functions most responsible are chief executive and chief information office. However, 35 percent of respondents say no one function in their company determines IT security priorities.
• Cloud usage and mobile devices that access business-critical applications and IT infrastructure will increase and threaten the security posture of companies in this study. However, only 18 percent of respondents say their company uses cloud-based IT security services and most password policies do not require employees to use a password or biometric to secure access to their mobile devices.