We live in desperate times when malicious cyber-crimes can happen anytime to anyone, be it a person or an enterprise. The saddest part is that the big corporates might make the headlines, but it is the SME that has the most to lose during an attack. Dealing with such an incident can be a challenging endeavor, especially since it involves reputational and financial damage. A survey in 2019 revealed that more than 58% of executives find a cyberattack more concerning than natural calamities or a break-in.

SMEs are an easy target for cybercriminals as they lack the capability and resources to prevent an attack and deal with its aftermath. 60% of SMEs are unable to recover from the damages of a cyberattack and shut down within 6 months. So what are the main reasons that SMEs fail to anticipate, fight, or recover from a malicious attack? Can they build robust defense strategies? Is it because they are not well equipped to implement their cyber strategy, or do they even have one in place? It may be one of these questions or a combination of all of them. The lack of skilled employees may further compound the difficulty of handling the sheer amount of information these enterprises have to deal with on a day-to-day basis. There are also repercussions beyond financial loss: because most of these SMEs have dealings with bigger conglomerates, their clients may be indirectly affected. One example of such a data breach involves biometrics: BioStar2, which exposed almost 28 million records from various companies across different industries.

Primary cyber risks 

The 2018 Micro Cyber Risk Index shows that, on average, SMEs are at higher risk of the following than bigger conglomerates:

1. Cyber risks: These involve external threats, including malware attacks like ransomware, cryptocurrency miners, and botnets.

2. Human capital risks: These are risks that emerge either due to a lack of trained IT security personnel or a dearth of cybersecurity education among company employees.

3. Data risks: These involve loss of critical and often confidential data such as customer information and trade secrets. SMEs that handle outsourced data-related work of large organizations are vulnerable to breaches.

4. Operational risks: They involve financial damage, loss of intellectual property, and operational disruption. 

5. Infrastructural risks: They arise from uncertainty about how to properly secure technologies like cloud services, IoT, and server environments.

Understanding the threat & its ramifications

Cybercriminals bank on the notion of reduced security among SMEs to gain access to a treasure trove of sensitive data. Since these criminals have a wide range of tools and tactics up their sleeve, they can easily con their targets through social engineering, where they pretend to be interested in your business and pose as a client or employee. From there they target weaknesses directly to gain access through the website, infect the network, and subsequently hold digital assets for ransom, otherwise known as ransomware.

Despite the fancy terms associated with cybersecurity, the act is nothing but that of a conventional burglar. Apart from the technical differences, this is no different from the good old days when treasures kept behind locks and barrels were broken into.

The ramifications of suffering a cyberattack can vary depending on the geography and demographics of the SME. The first is financial loss, which is inevitable on top of the security breach itself; it can be a hard blow and challenging to recover from. If these attacks are not covered by insurance, the economic losses are going to be grave and slow to recover from. The second is the black mark on reputation, which can prove to be irreversible.

So what causes the SMEs to fall victim to the vast majority of such cyberattacks?

  • Lack of sufficient security measures
  • Lack of trained personnel to mitigate such risks
  • Data that hackers might find valuable
  • Connections to the supply chain of a more prominent conglomerate, which can be leveraged to break in
  • Neglecting to use third-party backups, which makes them vulnerable to ransomware

What is alarming are the statistics on SMEs falling prey to cyberattacks:

1. There is a 422% increase in authentic and new data breaches in small businesses

The cybersecurity firm 4iQ reported in its 2019 Identity Breach Report that cybercriminals targeted small businesses in 2018, but the figure went up to 425% more in 2019.

2. 43% of all data breaches take place in SMEs

Verizon’s most recent Investigation report on Data Breach shows that almost half of all breaches affected SMEs, and this statistic in itself doesn’t require any more explanation!

3. 83% of SMEs lack funds to deal with the aftermath of a cyberattack

InsuranceBee surveyed almost 1,300 SME owners and found that 80% of businesses lack the financial backup to recover from a data breach or a cyberattack. Out of them, only 17% have considered the legal and reputational damage that such an attack might impose on them.

4. An average cyberattack has a price tag of almost $3 million

When it comes to calculating the cost of such a cyberattack, many considerations must be taken into account. These include the ransom these criminals might demand, loss of data, sustained system outages, downtime, non-compliance fines, legal fees, potential lawsuits, etc. The 2018 State of Cybersecurity in Medium & Small Size Business report states that downtime accounts for about $1.56 million of that $3 million cost.

5. During a breach SMEs experience up to 8+ hours of downtime

A study by Cisco showed that 40% of midmarket companies with 250–500 employees experienced over 8 hours of system downtime due to severe security breaches in 2018.

6. 1 out of 323 emails to small businesses is malicious

A 2019 study by Symantec found that employees of smaller organizations are more likely to be hit by email threats (phishing, spam, email malware, etc., that are even more malicious) than those who work at larger organizations.

In conclusion: don’t get phished

For SMEs, email is the most commonly exploited attack vector, costing SMEs millions, sometimes billions of dollars. Given the size of these enterprises, it becomes almost impossible for them to bounce back after such a malicious attack. SMBs are also at risk because most of them (70% of respondents) do not have a complete inventory of all third parties with whom they share sensitive and confidential information. To learn more, you can download our latest whitepapers on security.