Cyberattacks are often thought of as being a problem just for large organizations. But a new study by the Ponemon Institute , sponsored by Keeper Security , shows that small businesses increasingly face the same cybersecurity risks as larger ones.
The number of attacks is on the rise -- with 67 percent experiencing a cyberattack and 58 percent experiencing a data breach in the last 12 months.
Yet nearly half of respondents (47 percent) say they have no understanding of how to protect their companies against cyberattacks.
As SMBs become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing -- 60 percent of those surveyed cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an external hacker. More worrying, 32 percent of respondents assert that their companies could not determine the root cause of a data breach they have experienced in the past 12 months.
40 percent say their companies experienced an attack involving the compromise of employees' passwords in the past year, with the average cost of each attack being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical this year compared to last.
"More SMBs are experiencing highly sophisticated and targeted cyberattacks. There is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. This is exposing SMBs to cyber criminals," says Darren Guccione, CEO and co-founder of Keeper Security. "The results of the 2018 State of Cybersecurity in Small and Medium Size Businesses study underscore the critical importance of implementing a secure password management solution to protect not only SMBs' sensitive digital assets, but also their reputation and the longevity of their business operation."
Among other findings, SMBs continue to struggle with lack of personnel and budget, 74 percent of respondents say they don't have the appropriate personnel and 55 percent lack sufficient budget to effectively mitigate cyber risks.
The respondents who believe they are 'highly effective' at mitigating risks, vulnerabilities and attacks have bigger budgets and more in-house expertise. These companies also dedicate a higher percentage of their IT budget to cybersecurity.
You can find out more in the full report which is available from the Keeper Security website.
Image Credit: ra2studio / Shutterstock