The State of Small Business Cybersecurity 2022
The vulnerabilities leaving small businesses exposed to attack
Cyber attacks against small businesses are rapidly escalating.
Are leadership teams adequately prepared for growing cybersecurity threats?
Organizational readiness is vital to successfully defend against cyber attacks. From documented policies and employee training, to cybersecurity software and expert resources, small businesses must employ a full spectrum of safeguards to effectively protect their most valuable assets.
However, with limited resources at their disposal, many small businesses neglect these fundamentals. Electric surveyed 217 senior business executives at U.S. organizations with fewer than 500 employees to understand the maturity of their cybersecurity efforts and assess their experiences of cyber attacks.
Certain vulnerabilities are rife among small businesses, and serious gaps exist in critical lines of defense. In many cases, avoidable lapses have been responsible for significant downtime and business costs.
Keep reading to learn which cybersecurity measures are widely implemented, which vital protections are lacking, and how cyber attacks are currently impacting small businesses.
Small Businesses Lack Cybersecurity Strategies and Policies
Of course, effective cybersecurity policies are reliant on certain protections being in place. The majority of small businesses say they have implemented antivirus, firewalls, and data backups, while multi-factor authentication (MFA) is used by just under half of organizations. There is a worryingly low uptake of password managers, VPNs, Mobile Device Management (MDM), Endpoint Detection and Response (EDR), Endpoint Protection Programs (EPP), and Single Sign On (SSO).
The frequency of data backups at small businesses is mostly in line with best practices, but storage methods need improvement. 62% perform data backups on either a daily or weekly basis, while 5% say they never carry out this practice.
As a last line of defense, cyber insurance offers small businesses a safety net in the event of a successful cyber attack. Unfortunately, just half of those surveyed have coverage, and a further 27% are unsure of their cyber insurance status. Not only are many small businesses leaving themselves vulnerable from a policy and solution standpoint, they are also failing to plan for the worst case scenario.
Employees Are Competent in Recognizing Cyber Threats
Prioritization of cybersecurity awareness evidently varies, but it appears that small businesses are taking steps to address what is typically an organization’s weakest link: employee error. However, it is worth noting that complete, robust protection cannot be achieved through awareness and training alone, especially without supporting technology in place.
Small Businesses Fail to Learn From Cyber Attacks
Ransomware is another common occurrence among survey respondents. 26% of organizations have been targeted with ransomware, of which 60% paid the ransom involved. In those cases, one third failed to retrieve the ransom payment post-attack.
Among businesses that have fought off attempted attacks, the majority attribute their successful defense to a combination of antivirus software, employee awareness, firewalls, and regular patches and updates.
Cyber Attacks Have Devastating Consequences for Small Businesses
Not only is the incidence of cyber attacks on the rise, the methods involved are becoming more sophisticated, leading to increasingly severe consequences for affected organizations. In a digital-first environment, most small businesses possess multiple targets of interest to cyber criminals, from customer data to company finances. Without adequate safeguards in place, even minor breaches can quickly snowball to produce far-reaching business impacts.
Among small businesses that have experienced cyber attacks, the most commonly reported targets include business disruption, closely followed by customer financial data, and email addresses or login credentials.
Limited resources are often blamed for inadequate cybersecurity in small businesses, but budgetary limitations are all the more reason to invest. The financial implications of an attack are likely to far outweigh the cost of preventing such incidents. When a full scale breach has the potential to dismantle an organization’s most valuable assets, cybersecurity should command a non-negotiable allocation in every small business’s budget.
Cybersecurity Gaps Leave Small Businesses Vulnerable
While some organizations make strides to strengthen their defenses, others lack the most basic essentials.
Unfortunately, this inconsistency is core to small businesses’ appeal for cyber criminals. Haphazard application of protective measures leaves organizations vulnerable to attack, and failure to learn from mistakes means repeat breaches are an all-too-common occurrence.
To contend with ever-evolving threats, small businesses require meaningful cybersecurity policies, solutions, and training. But the reality of limited resources means a cost-effective approach is necessary.
Electric helps small businesses secure their most valuable assets while alleviating the demands on your internal teams. By outsourcing to our cybersecurity experts, you will access industry-leading knowledge and best-in-class software to keep your network, applications, and devices protected.
Contact us today to learn more about how you can strengthen and streamline your organization’s cybersecurity.
Electric Research and Insights Division
The Electric Research and Insights Division studies the use of IT in small and medium-sized businesses. With a focus on identifying IT challenges and opportunities, our research shares technology best practices for business leaders, as well as HR, Ops, and IT teams.