A computer with a red unlocked lock.
Image: Song_about_summer/Adobe Stock

More than half of small and medium-sized businesses in the U.S. and U.K. faced a successful cyberattack in the last year, according to a June 2023 study from security company BlackFog.

Jump to:

What cyberattacks on small and medium businesses look like

The biggest impact of a successful cyberattack was business downtime, the study found. Of the 400 IT decision-makers at small and medium-sized businesses who responded to the study, 58% experienced business downtime due to a cyberattack. In addition, 39% of respondents lost customer data due to a cyberattack, and one-third reported a loss of customers.

“Cybercriminals naturally gravitate towards targeting organizations with the lowest level of protection, and this typically means small to medium businesses come under fire,” said Dr. Darren Williams, the founder and chief executive officer of BlackFog, in a press release.

Attackers tended to target the same businesses twice, with 87% of IT decision-makers stating they experienced two or more successful attacks in the past year. BlackFog noted that 89% of all attacks the company studied involved data exfiltration of some kind.”Existing defensive-based approaches are no longer enough for today’s polymorphic attacks, leveraging data exfiltration as the main weapon of choice,” said Williams.

SEE: Businesses of all sizes should also watch out for social engineering and distributed denial of service attacks.

The biggest challenges SMBs face in staying safe from cyberattacks

BlackFog found that SMBs need high security standards and more understanding of the security challenges they face.Survey respondents said they were most concerned about malware attacks (50%) and ransomware and password attacks (32% each).

Many IT decision-makers (41%) at SMBs said a lack of knowledge of what cyberthreats might impact their business was the biggest challenge to effective protection.

In an email to TechRepublic, Williams pointed out that businesses may feel that it is too expensive to employ people with cybersecurity skills in-house; this makes it even more important for the decision-makers to choose external security partners carefully.

What the survey respondents look for in a cybersecurity service provider

Most respondents (87%) to the survey said they feel the IT providers they work with focus on understanding the cybersecurity challenges businesses face. However, this understanding is not complete, with only 39% of respondents saying their IT providers understand all of the security challenges SMBs face.

Many SMBs took high security standards into account when choosing IT partners, with more than one-third of respondents (38%) choosing high security standards as the main determining factor when choosing a managed security provider.

“Most [managed service providers] adhere to a standard formula and use the same tools and approaches they always have,” Williams told TechRepublic. “More advanced providers are constantly evolving and adopting new technologies to stay ahead of the latest threat vectors. Ask the vendor when was the last time they adopted a new technology or what they do to prevent data exfiltration. If they answer ‘firewall,’ then it’s time to move on.”