In our conversations with clients, cyber security is clearly top of mind for small business leaders, regardless of industry. This aligns with IBM President and CEO Ginni Rometty’s description of cybercrime as “the greatest threat to every profession, every industry, every company in the world.”
Verizon’s 2016 Data Breach Investigations Report concurs with this description, summarizing the cyberthreat environment: “No locale, no industry or organization is bulletproof when it comes to the compromise of data.”
Despite these alarming declarations, many people tend to think, “it won’t happen to me” until it’s too late. As Bryan Seely, a network engineer famous for hacking into the FBI, said, “Most small-business owners don’t think they’re at risk. As a result, it’s fair to say they are indeed ill-prepared to safeguard against an attack.” Because of this prevailing attitude, seeking support from the C-suite for increased security investments can be a challenge. Concrete numbers can help secure buy-in from leadership.
Here are a few statistics to help make your case:
Cyber Security: A State of the Union
Between January and September 2016, ransomware attacks on businesses increased from once every 2 minutes to once every 40 seconds.
In a global study of sample organizations, the average time to detect a malicious or criminal attack was 170 days.
According to the Ponemon Institute’s 2016 Cost of Data Breach Study: Global Analysis, which queried 383 organizations that suffered at least one breach in 2016, the average cost per breach was $4 million. That figure rose to $7 million in the U.S.
According to IDG’s Global State of Information Security Survey 2016, the financial hit resulting from theft of trade secrets ranges from 1 percent to 3 percent of an entire nation’s gross domestic product (GDP). The annual cost ranges from $749 billion to $2.2 trillion.
In the same survey, IDG detected 38 percent more cybersecurity incidents than the year prior.
Cyber Security & Small Businesses
According to a recent Manta survey, 87 percent of small-business owners don’t feel that they are at risk of a cybersecurity attack. One in three small businesses does not have the tools in place — firewalls, antivirus software, spam filters or data-encryption tools — to protect themselves.
An estimated 52 percent of data security breaches in small businesses are caused by system failure or human error.
According to Keeper Security’s 2016 State of SMB Cybersecurity Report, 50 percent of small and midsized organizations reported suffering at least one cyberattack last year. The average cost of a data breach totaled $879,582, and the organizations spent another $955,429 to restore normal business in the wake of attacks.
According to the same Keeper Security report, 60 percent of employees use the exact same password for everything they access. Meanwhile, 63 percent of confirmed data breaches leverage a weak, default, or stolen password.
60 percent of small companies go out of business within six months of a cyber attack.
Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
While these statistics may be alarming, organizations are certainly taking action. Global spending to combat cybercrime exceeded $80 billion in 2016, with organizations increasingly focusing on detection and response.
Here in South Bend, we are implementing security awareness training, disaster recovery testing, antivirus and firewall protection, as well as software patch management and OpenDNS cloud security strategies for small businesses and non-profits alike. There is no single silver bullet for cyber security, but by taking this kind of layered approach, you give yourself the best chance to avoid becoming one of these statistics.