More than half of cybersecurity executives at small- and medium-sized businesses (SMBs) (58%) fear a major data breach more than a flood, fire, transit strike, or even a physical break-in of their office, according to the inaugural AppRiver Cyberthreat Index for Business Survey released Tuesday.

The concern is rooted in a stark business reality: Nearly half of the 1,059 SMB cybersecurity decision-makers surveyed (48%) said a major data breach would likely shut down their business permanently, the report found. This percentage increased significantly for financial services and insurance SMBs (71%) and healthcare SMBs (62%), according to the report.

SEE: Security awareness and training policy (Tech Pro Research)

These results echo the findings of a previous report from VIPRE, which found that 66% of SMBs would either go out of business or shut down for at least one day in the event of a breach. Almost half of all cyberattacks target SMBs, as these businesses tend to have less-sophisticated security infrastructure and fewer trained cybersecurity workers on staff to manage and respond to threats.

“In today’s digital age, businesses rely on their intellectual property and use automated business processes more than ever before – bringing cybersecurity to the forefront,” said Dave Wagner, CEO of Zix Corporation, parent company of AppRiver.

SMBs are more concerned that these attacks could come from disgruntled ex-employees (24%) than from rogue hacktivist groups (21%), lone-wolf hackers (19%), competitors targeting corporate intellectual property (18%), or nation state-sponsored hackers (18%).

The reason for this fear of an ex-employee breach is well founded: Some 20% of organizations said they have experienced data breaches by former employees, according to a OneLogin report. Companies can increase their chances of avoiding such an attack by removing employees’ access to all accounts immediately after they leave the company.

SMBs can follow these tips from Kaspersky Lab to improve their security practices:

  1. Create a list of assets your employees use
  2. Make a list of the online services your organization uses, and analyze which of them is critical for your business process.
  3. Audit critical services and their settings
  4. Set clear guidelines for which data can be moved to the cloud and which must stay internal
  5. Set guidelines for which data can be accessed by which employees
  6. Arrange security awareness training to teach staff how to handle critical data safely
  7. Use a reliable security solution

The big takeaways for tech leaders:

  • 58% of cybersecurity leaders fear a major data breach more than a flood, fire, transit strike, or even a physical break-in of their office. — AppRiver, 2019
  • 48% of cybersecurity leaders said a major data breach would likely shut down their business permanently. — AppRiver, 2019