“Small/midmarket businesses are more inclined to pay ransoms to adversaries so that they can quickly resume normal operations. They simply can’t afford the downtime and lack of access to critical data—including customer data”
Nearly half of small and medium-sized businesses (SMBs) experience a day of downtime resulting from a breach or cyber-security incident – and are much more likely to pay out following a ransomware attack.
This is according to a new report from Cisco that questioned 1,816 SMBs in 26 countries. It found that breaches of customer data and cyber-attacks such as ransomware are resulting in SMB’s clocking up the downtime with 40 percent reporting that they experience eight hours or more downtime a year due to threat actors.
The report also discovered that 54 percent of cyber-attacks result in monetary losses of £381,000, this number is the result of lost revenue, fines, customer trust and the inherent cost of dealing with a cyber incident.
The report notes that this financial cost is significant enough to knock a small enterprise out of the game permanently.
Phishing attacks, an attempt by threat actors to gain sensitive information though an employee’s erroneous disclosure via phone or email continue to be the most common cyber-attack experienced by companies, with 79 percent of midmarket businesses commenting that this is their main cyber-security concern.
Interestingly ransomware, malicious malware that holds files hostage till a fee is paid, is the second highest concern for mid-level companies, but it is not in the top three concerns for large enterprises.
This is due to the fact that ransomware affects companies in different ways in terms of costs: in many instances, larger companies can either work around the locked system or wait till their in-house dedicated cyber-security team deal with the issue.
However, Cisco note in the report that: “Small/midmarket businesses are more inclined to pay ransoms to adversaries so that they can quickly resume normal operations. They simply can’t afford the downtime and lack of access to critical data—including customer data.”
Worryingly only 55 percent of midmarket enterprises are investigating security alerts when they detect them, with Cisco reporting that 37 percent of these are legitimate alerts. They also found that a SMB can face up to 5000 security alerts a day.
In response to these cyber incidents small and medium enterprise cloud service adoption is on the rise with Cisco researchers discovering a 15 percent rise in cloud migration for SMBs, 68 percent of responders citing stronger security for the move. The report notes that: “Many respondents believe that the cloud can help close some gaps in their defences as well as resolve some shortcomings in their infrastructure and the abilities of their staff.”
Peter Barbosa Sr. Director of Security Sales at Cisco commented in an emailed statement that: “Unfortunately, we’re nowhere near finding a magic bullet for cyber-attacks.”
“Companies don’t have to recreate the wheel to establish an effective security program; they simply need to look around them, learn from others in the industry, and apply measures that will bring value in their own community.”
Mr Barbosa states that companies would do well to remember that: “incremental change is better than no change.”