One in three SMEs use free consumer cybersecurity tools

Globe-straddling enterprises might seem like the most obvious targets with the biggest bounty, but they are also likely to be the most fortified against cyberattacks and the best-resourced to handle the financial blow if one takes place.  

Today, no organization is safe from what are now regimented and sophisticated cyberattacks happening around the clock. Malware-as-a-service packs and email databases can now be purchased on the dark web — it’s not an elite and villainous squad targeting businesses, it’s any man and his dog*.

And with SMEs making up more than one in ten of the business population in most places around the world, make no mistake that hackers are busy jamming their crowbars into the shop shutters. 

It’s a shock then that research commissioned by cybersecurity firm BullGuard this week found that SMEs in the UK and US and not prepared in the least for a cyberattack or breach. One-third of companies with 50 or fewer employees report using free, consumer-grade cybersecurity, and one in five companies use no endpoint security whatsoever. 

Meanwhile, while smaller businesses will take out property and workers’ compensation insurance, among a slew of other measures to mitigate the impact of unforeseen damage on their business, just 43 percent have a cybersecurity defense plan to help them manage the impact of a breach. 

All this is leaving their most sensitive financial, customer and business data, and ultimately their companies, at significant risk. Faced with operational downtime, fines from regulatory bodies, tarnished reputations, and costs associated with removing malware from systems, many SMEs seem to be scrimping on security, with their businesses’ livelihood at stake. 

Once breached, 25 percent of SME owners stated they had to spend US$10,000 or more to resolve the attack, which could be devastating for a small company. 

As for time lost, 50 percent of SMB owners said it took 24 hours or longer to recover from a breach or cyber attack, while 25 percent reported they lost business as a result, and almost 40 percent stated they lost crucial data.

“Small businesses are not immune to cyber-attacks and data breaches, and are often targeted specifically because they often fail to prioritize security,” said Paul Lipman, CEO of BullGuard. 

“Caught between inadequate consumer solutions and overly complex enterprise software, many small business owners may be inclined to skip cybersecurity. It only takes one attack, however, to bring a business to its knees.”

It’s not a case of complete ignorance. There are some perception and awareness problems, resulting in discrepancies between what SME owners believe and what’s actually happening in the market. 

Nearly 60 percent of SMB owners believe their business is unlikely to be targeted by cybercriminals, however, the results revealed that 18.5 percent of SME owners have suffered from a cyber-attack or data breach within the past year. 

Despite these numbers, many SMB owners are overly confident in the safety of their company and customer data. One in five SME owners surveyed stated their organization has zero vulnerabilities and 50 percent said their employees do not receive any cybersecurity training.

A significant number, 65 percent, of SME owners report managing their cybersecurity in-house, but less than 10 percent say they have a dedicated IT staff member. 

While chucking money at enterprise-grade cybersecurity systems can work to an extent, tackling the awareness issue first is paramount for SMEs, and there are plenty of low-cost ways to do that, from online courses, conferences, and resources, to even hiring consultants to present to teams. 

With the threat of cybercrime rising, and businesses (and their workers) holding more sensitive data than ever before, regular education and policy around the basic cybersecurity and resilience practices is a solid starting point.

*Perhaps it’s unfair to blame the dog.