IT decision makers at 96% of SMBs in the US, UK, and Australia believe their organizations will be susceptible to external cybersecurity threats this year, according to a new report from security provider Webroot. Although businesses are aware of these threats, 71% of respondents said they were not prepared to address them.
Webroot surveyed 600 IT decision makers at mid-sized businesses with 100-499 employees across the three nations. These IT leaders reported being most worried about cyberthreats including new forms of malware (56%), mobile attacks (48%), and phishing attacks (47%).
A cyberattack in which customer records or critical business data were lost would cost an average of $579,099 in the US, £737,677 in the UK, and AU$1,893,363 in Australia, IT leaders estimated.
Cyber incidents are costly and harmful not only in terms of the information stolen, but also in terms of the company's reputation, especially for SMBs, the report found. Nearly two-thirds of SMBs surveyed said they believe it would be more difficult to restore their company's public image than to regain employee trust and morale.
Businesses manage IT security in a variety of ways, the report found: Some 20% of SMBs have in-house employees with some IT security responsibilities, while 37% use a mix of in-house and outsourced IT security support. Just 23% have a dedicated in-house IT security professional or team.
With the threat landscape growing, 94% of IT decision makers said they plan to increase their annual IT security budget in 2017 compared to 2016.
"Small- to medium-sized businesses face just as many threats as larger ones, but are often at a disadvantage because of their lack of resources," said Charlie Tomeo, vice president of worldwide business sales at Webroot. "Given the recent spate of ransomware attacks, it is crucial for these companies to shore up their security."
Tomeo offered the following six tips for SMBs to stay secure:
1. Be prepared
Create an action plan to respond to any type of breach that includes outside resources you can call for assistance.
2. Educate employees
Workers may not know how to avoid phishing or other attacks. Investing in regular security training is an important way to prevent attacks from reaching your systems.
3. Remember mobile
Employees' mobile devices are doorways into business networks, and can leave them vulnerable to unseen risks.
4. Spend wisely
Look to allocate any additional security budget you might have to where risks are highest. Consult with an expert if you are not sure.
5. Update software
Keep business devices up to date with the latest software and security patches.
6. Beware of ransomware
The US is one of the nations most affected by phishing, which can lead to ransomware. Create a layered defense with strong backup and business continuity plans.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- IT decision makers at 96% of SMBs in the US, UK, and Australia believe their organizations will be susceptible to external cybersecurity threats this year. - Webroot, 2017
- A cyberattack in which customer records or critical business data were lost would cost an average of $579,099 in the US, £737,677 in the UK, and AU$1,893,363 in Australia. - Webroot, 2017
- 94% of IT decision makers said they plan to increase their annual IT security budget in 2017 compared to 2016. - Webroot, 2017
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.