The truth behind four small business cyber security myths

Posted on 19 Dec 2023 by The Manufacturer

The single greatest cyber security threat for your small business may be a false sense of security. If you underestimate risks or assume that threat actors won’t target your organisation, you’re setting yourself up for failure. Here Verizon explain why.

Every year, Verizon’s Data Breach Investigations Report (DBIR) analyses incidents and breaches from around the world to provide vital cyber security insights to help minimise your risk and keep your business safe.

Small business cyber security myths

Myth 1: Attackers only target large companies: 51% of small and medium businesses (SMBs) don’t have cyber security measures in place. Of those, 59% say their business is too small to be a target.

The cyber attacks that make the news tend to be ones that affect large organisations, but small businesses face constant attacks, too. The 2023 DBIR saw more breaches and incidents involving SMBs than large organisations.

An average small business employee will experience 350% more social engineering attempts than an employee at a larger business.

Myth 2: I don’t have to worry about my staff: Employees don’t have to act maliciously to cause damage; one mistaken click is all it can take. The human element (error, privilege misuse, use of stolen credentials or Social Engineering) was involved in 74% of all breaches among all industry types and sizes.

Myth 3: I don’t need to plan— our systems are already safe: 64% of small business owners are confident they can quickly resolve any cyber attack. Yet, only 28% have a plan to respond to a cyber attack and only 26% have cyber insurance.

Thirty-two percent of SMBs rely on free security solutions that may not deliver adequate protection. System intrusion, social Engineering and basic web application attacks represented 92% of SMB breaches in the 2023 DBIR.

Myth 4: Small businesses can’t afford cyber security: Think you can’t afford cyber security? The truth is that you probably can’t afford not to have it. According to the DBIR, the median cost per ransomware incident doubled over the past two years, with 95% of ransomware incidents involving losses between $1 and $2.25m.

Forty percent of small business owners expect a cyber attack to cost less than $1,000, while 60% think it would take less than three months to fully recover.

Data from cyber insurance claims show breaches generally range between $15,000 to $25,000 in recovery costs. The average recovery time is 279 days.

For more stories on Digital Transformation click here.