A Greek maxim goes that there are three things one should be afraid of, namely “Fire, woman and the sea” (Πῦρ, γυνὴ καὶ θάλασσα). Well, the cyber version might go something along the lines that cybercrime and data breaches are “more devastating” and detrimental to small- and medium-sized businesses (SMBs) in the United States (U.S.) than natural disasters – fire, floods and transit strikes – combined.
But however you slice it and dice the numbers on the financial impact of cyberattacks, it doesn’t make for pretty reading.
Moreover, a data breach could well be fatal and end a SMB’s business, while others remain unaware of the catastrophic potential, according to a new survey on cyberattacks and their impact on American businesses with employees numbering from 1-9 up to 200-250 per organization.
Indeed, AppRiver’s inaugural Cyberthreat Index for Business Survey found that the majority of executives (58%) at SMBs across the U.S. are more concerned about “suffering a major data breach” than they are a flood, a fire, a transit strike or even a physical break-in of their office.
Cybercrime is hardly out of the news these days and one thing is certain that it’s unlikely to be going away anytime soon.
The cost globally of a data breach for enterprises had risen 11% in 2017. And, according to a recent study from Kaspersky Lab, which also monitors the landscape, the average cost in 2017 of a data breach in North America was shown to have increased to $1.3 million (2016: $1.2 million) for large enterprises and $117,000 for small and medium-sized enterprises or SMBs. But it could be the tip of the iceberg.
It should be pointed out that data for this analysis was compiled from a survey of more than 5,000 businesses across thirty countries. A representative sample, but there many other companies out there. And, there are various numbers bandied about the dollar impact on businesses, so it hard to exactly know the precise number.
More broadly, according to the U.S. Small Business Administration, a government agency that provides support to entrepreneurs and small businesses that has a mission “assisting in the economic recovery of communities after disasters”, in 2018 there were 58.9 million small- to medium sized businesses in the U.S. that employ almost half (47.5%) the nation’s workforce. And, they were the target of 2 out of 3 of all cybercrimes.
The figure in the Cyberthreat Index for Business Survey jumps to 66% when measuring large SMBs (150-250 employees) that now fear data breach as “more detrimental” than traditional disasters for businesses.
Scored on a 100-point scale, the Cyberthreat Index for Business reveals that SMBs in America currently perceive a “high-to-very high” level of cyberthreats and vulnerability. In the first quarter (Q1) of 2019 the inaugural index came in at and registered at 59.8 out 100.
Dave Wagner, CEO of Zix Corporation, parent company of AppRiver, commenting in the wake of the study’s findings, said: “In today’s digital age, businesses rely more heavily on their intellectual assets than physical properties – bringing cybersecurity to the forefront. The AppRiver Cyberthreat Index for Business Survey findings punctuate this evolution of American business, and also illustrate areas where business leaders are unprepared for cyberattacks.”
Zix Corporation announced this January its intention to acquire Florida-based cloud cybersecurity firm AppRiver, which was founded back in 2002, in an all-cash deal worth $275 million. The company provides subscription-based email and Internet security services, which include spam and virus filter systems, email encryption, and secure archiving as well as Microsoft Exchange hosting.
Almost half of SMBs (48%) said that a major data breach would likely shut down their business permanently. The percentage increased significantly with 71%of financial services and insurance SMBs reporting that a major breach would be fatal to their business. Healthcare and business consulting SMBs followed at 62% and 60%, respectively.
The AppRiver survey, which covered all 50 U.S. states with the majority of participation from California, New York, Florida, Texas, Georgia, and Massachusetts, garnered respondents from 14 different industries. It was skewed more heavily towards industry sectors such as business, finance, healthcare and technology.
The survey covers SMB leaders’ views on how they regard a serious breach compared to other real world threats, who they are most fearful of for these attacks as well how, unlike large companies like Equifax, TJ Maxx, Marriott and others, a big data breach at an SMB will likely be “a mortal wound” for their company.
It was revealed that the business leaders canvassed across America are more concerned about attacks from disgruntled ex-employees than highly publicized threats from nation states, or even cyberattacks from competitors, rogue hacktivist groups or lone-wolf hackers. This was a particularly prevalent view expressed by the smallest SMBs with 1-49 employees.
Source Of Cyberthreat Feared Most (By Percentage)
Disgruntled Ex-employees 24%
Rogue Hacktivist Groups 21%
Lone-wolf Dorm Hackers 19%
Competitors Targeting Corporate IP 18%
State-sponsored Hackers 18%
While SMBs are concerned about cybercriminals, not all of them though are on high enough alert. The hospitality industry is a prime example. Despite the Marriott breach of 500 million customer records in 2018, only 28% of hospitality-sector respondents believed from this survey that their business is vulnerable to imminent threats of cybersecurity attacks. That compared to 62% of the sample’s respondents who work in technology and 47% in the financial sectors.
In the case of the U.S hotel giant, around 327 million of the 500 million Marriott customers affected, the data stolen included information such as emails, date of birth, passport numbers and mail addresses. At the time the company said that it could not rule out that credit card information had been compromised and exposed.
Similarly, it was found that only 50% of hospitality respondents believe a successful cyberattack would cast short- and long-term business losses, compared to 72% each in the financial and healthcare sectors and 71% in the technology sector.
“Today, 6 in 10 U.S. SMBs go out of business within six months of a successful cyberattack,” said Troy Gill, a senior security analyst at AppRiver. “However, I often see a sizable gap between perceptions and reality among many SMB leaders, which is again evident in the latest survey. They don’t know what they don’t know; the lack of preparedness becomes a dangerous weapon for cybercriminals.”
Dr. Eman El-Sheikh, Director at the University of West Florida Center for Cybersecurity, the regional hub for cybersecurity education and research located in Pensacola, FL., said this research sheds new light on serious issues confronting SMBs.
“The establishment of this Cyberthreat Index for Business addresses a critical need to understand organizations’ cyber vulnerability and readiness,” said Dr El-Sheikh, who teaches and conducts research related to the development and evaluation of Artificial Intelligence and Machine Learning for cybersecurity, said: “The Index provides a benchmark for small- and medium-sized businesses and leaders to measure our collective cyber resiliency and emphasizes the importance of cybersecurity workforce development.”
While the survey did not specifically ask SMBs about the capital they have invested in cybersecurity, all respondents needed to self-identify as a “key decision maker” or “influencer” in their business of the purchase of at least two cybersecurity business protection products to participate in the survey.
The authors of the survey said in that regard: “With this knowledge in mind, we know that all SMBs that responded have made some level of investment in cybersecurity.”
The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with the University of West Florida Center for Cybersecurity, using survey data collected online in January of 2019 and covering diverse industry sectors and company sizes.
This national study has a +/- 3% margin of error, with the sample of respondents comprising 1,059 C-level executives and IT professionals in small- to medium-sized businesses and organizations. 80% of those surveyed hold titles of CEO, president, owner, CTO or head of IT.
This article originally appeared on Forbes