A new report from the National Cyber Security Alliance sheds some light on how prepared small and medium size businesses are and what the aftermath of a data breach really looks like.
When 1,000 small business owners open up to talk about cybersecurity, it’s probably a good idea for every other small business to take note. In a just-released report on the state of cybercrime in small businesses by the NCSA, the findings about just how poorly small businesses are able to withstand a data breach is truly shocking. According to the data, the percentage of small businesses that have experienced a data breach in the last 12 months ranges from 11 percent in the very small business, to 44 percent in midsized businesses, with 28% as the average. Of these businesses, this was the outcome:
- 69 percent were offline for a limited time
- 37 percent of businesses suffer a financial loss
- 25 percent file for bankruptcy
- 10 percent go completely out of business
With such destructive results, surely the SMB is prepared, right? According to the data, nearly half of businesses (46%) feel they are prepared to respond to an incident, but – clearly – with the outcomes listed above, it’s evident that SMBs are unprepared to prevent a data breach.
The good news is 83 percent of SMBs put some kind of security awareness training in place, in most cases (69 percent) it’s less than 8 hours annually. SMB organizations wanting to avoid data breaches are on the right path; just not far enough along it. Security Awareness Training is an effective way to reduce the risk of successful phishing attacks, as 96% of data breaches start with an email attack. Educating users on what to look for, methods and tactics used, and the importance of their role in the organization’s security all will help keep SMBs secure and operational.