How would you feel if you were told you would be vulnerable to an imminent car crash? Or imminent food poisoning? Or even just imminent chance of slipping on a banana peel?
Most might want to do something preventative and effective against the looming danger. Who would want to take their chances in the face of unfavorable odds and live perpetually in fear?
For many small-to-medium sized businesses (SMBs) in the U.S., this may be a fact of life. In the latest AppRiver Cyberthreat Index for Business Survey, 45% of all C-level executives and IT decision makers in small-to-medium sized businesses say they feel vulnerable to imminent cyberattacks. The survey was conducted in the first quarter of 2019 among 1,059 SMBs nationwide. In some industry sectors, the propensity of SMB leaders to feel imminent cyberthreats is higher, among them include:
- Transportation and logistics: 65%
- Technology: 62%
- Manufacturing: 50%
- Financial services and insurance: 47%
- Healthcare and pharmaceuticals: 47%
Among larger SMBs with 150-250 employees, 56% believe they are vulnerable to imminent cyberattacks.
This all may sound unsettling for an SMB leader, when nearly half believes their likelihood to be targeted in a cyberattack is imminent. But that’s not the worst news. What’s worse is that the other half, who are more optimistic, are also likely wrong.
In the same AppRiver survey, 71% of all SMBs reported their business has been targeted in at least one cyberattack within the past quarter. In another survey – the 2018 State of Cybersecurity in Small and Medium Sized Business Study – 67% have experienced email-based cyberattacks alone. So when just fewer than half of all SMBs believe they could be subjected to imminent cyberattacks, we’re looking at a glass-more-than-half-full scenario.
As digital data storage increases among businesses, so does the financial incentive for cyber criminals. This applies to businesses of all sizes. SMBs are particularly attractive to hackers given their limited resources for prevention, detection and cyberthreat response. Attackers are certainly fine with stealing from several targets what they may otherwise gain from a single victim, as long as at the end of the day their coffers are filled.
In addition to tracking more advanced malware attacks targeted at SMBs, Troy Gill, senior security analyst at AppRiver, said he also noticed a rise in social engineering in the small-business community. “We see new customers coming to AppRiver after falling victim to a Business Email Compromise (BEC) attack when they unknowingly transferred large sums of money to attackers. One in particular recently lost nearly a million dollars,” said Gill. “With the average cost per BEC attack estimated at over $130,000, this can be a blow many SMBs simply could not afford, or may never recover from.”