71% of Businesses Do NOT Have a Plan To Deal With Potential Cyber-Attacks
November 2020 by Kaspersky
The Office of National Statistics recently cited a 12% increase in fraud and computer misuse.
Cyber-attacks can be particularly damaging to small and medium-sized enterprises. But despite this news, a recent Kaspersky report shows there has been a lack of investment in IT security.
Why has the amount of money into cybersecurity decreased over the last year? Specopssoft.com sought to find out by surveying 1,600 SME owners. Kaspersky report data
● Over the last year, SMEs decreased their IT security by an average of $4.9m!
● 32% of businesses see ‘no reason to invest so much in IT security’
● Even though there has been a drop in security investments, 66% of SMEs say it is worth making ‘huge’ investments in cybersecurity practices
● 31% of SMEs believe that they are not at risk themselves and its bigger businesses who are
● 71% of businesses do NOT have a formal plan/protocols in place to deal with any potential cyber-attacks
According to Kaspersky, the top 10 reasons why SMEs have decreased on their investment in cybersecurity include:
Reasons given for expecting to reduce IT security spending over the next three years %
1 Overall cuts to company expenses/general budget optimization 29%
2 We are secure enough and there is no need to invest more in IT security 25%
3 Large investments in past years solved key problems – now only maintenance is needed 25%
4 Due to a decrease in business 23%
5 Top management sees no reason to invest so much in IT security 23%
6 There were no security incidents experienced in the last 12 months 22%
7 Outsourcing some IT security functions allows us to cut costs 22%
8 Switched to a cheaper endpoint protection solution/vendor 19%
9 IT budget re-allocated to other needs in the company 19%
10 Demand from our shareholders and investors 15%
Having found this information out; Specopssoft.com wanted to dive a deeper and asked 1,600 SME owners the following questions:
Question Yes No Not sure Rather not say
Do you see reason in ‘huge’ investments on cybersecurity? 66% 32% 2% 0%
Do you think bigger businesses are more likely to get attacked? 31% 62% 6% 1%
Do you think it would be harder for a small business to overcome an attack, rather than a large business? 51% 41% 7% 1%
Do you think your business is adequately prepared for any potential cyber-attacks? 42% 55% 0% 3%
Does your company have any formal plan/documentation in place which shows what protocols employees need to follow in the case of any potential cyber-attack(s)? 28% 71% 1% 0%
Do you think any budget cuts to your business will have an impact on how much you invest in cybersecurity for the overall business? 58% 32% 9% 1%
Do you think that a lot of the cybersecurity issues have been carefully handled/managed out over the last three years? 17% 82% 1% 0%
Do you think a decrease in business performance will lead to a decrease in how much your business investments in cybersecurity? 72% 28% 0% 0% Has your business considered hiring a cybersecurity officer/specialist? 69% 31% 0% 0%
Would you be prepared to make cuts elsewhere to afford extra cybersecurity? 42% 58% 0% 0%
Specopssoft.com’s survey showed that 31% of SME owners believe that bigger businesses are more at risk to threats than smaller ones. This is a myth. Every enterprise, business and big company is equally at risk of a cyber-attack, and as of 2017 roughly 48% of businesses were targeted at least once. *
However, the good news is, even though SME owners may believe that they are unlikely to be targeted, they think they are prepared for any potential attacks with 42% of the participants saying so. However, every year the fraud and computer misuse and cybercrime data is on the rise, with a 12% increase over the previous year as of March 2020.*
On the other hand, even though participants believed they were prepared – 71% said they do not have a formal plan that has been put forward by their company – or none that they were aware of.
Looking at the data it seems that SME owners, with the underlying belief that they will not be targeted, do not see the value in putting money into the practise with only 69% having considered hiring a security officer/specialist. Previous studies have shown that the more engaged you are as an SME and the more time you spend on the internet, the more you should be thinking about monitoring your cybersecurity.
With 66% of SME owners saying that it is worth making ‘huge’ investments in security, the evidence is blatantly clear - SMEs have the intentions to put money into security, however they are not putting this to practice as the Kaspersky report shows that there has been a $4.9m drop in IT security budgets since 2019.
Financial Loss Rep Damage Direct Impact of Crime Itself Loss of data Company information exposed Privacy breach Not sure
What would you say is your biggest fear about the consequences of poor cybersecurity? 20% 29% 24% 10% 13% 2% 2%
The biggest fear that SME owners have of suffering cybercrime is reputational damage, receiving 29% of the vote.
The second biggest fear among owners is the direct impact of the crime itself, with 24% of the vote.
Third is the potential financial loss, with 20% of the vote.
To combat these fears and prevent cyber-attacks, cyber security expert Darren James, recommends the following: “All companies, regardless of size, need to protect sensitive data. The ones that are most at risk are the ones that don’t prioritise cyber security. Passwords are a weak link that can be addressed by using multi-factor authentication when possible, and securing passwords when MFA is not available. The best way to secure passwords is to prevent employees from choosing weak and leaked passwords.”
Methodology: This information was sought in response to Kaspersky’s IT Security Calculator Report in 2020. Specopssoft.com surveyed a total of 1,600 SMEs and SMBs across 9 countries in September 2020. Respondents were asked questions about their attitudes towards IT security towards SMEs and SMBs, with general questions covering the importance and preparations.