New Survey Shows Majority of Small Businesses Believe They are a Likely Target for Cybercrimes; More Than a Quarter have Experienced Data Breach in Last Year
Tuesday, January 7th, 2020
A new survey released by the National Cyber Security Alliance (NCSA) today found that an overwhelming majority of small businesses believe that they are a target of cybercriminals, highlighting the growing awareness among this group about the threat of a cyberattack. The Zogby Analytics survey – which was commissioned by NCSA and polled 1,006 small business decision makers – revealed that 88 percent of smaller-sized organizations believe that they are at least a "somewhat likely" target for cybercriminals, including almost half (46%) who believe they are a "very likely" target.
Released during National Cybersecurity Awareness Month (NCSAM), the survey showed that with small businesses more aware of a data breach threat, many are responding with strong cybersecurity measures. Almost half (46%) of surveyed businesses feel "very prepared" to respond quickly and appropriately to limit the impact of a data breach or cybersecurity incident, were they to happen today. More than half (58%) say they have a response plan that they can immediately put into action while 36 percent say they would be able to fully operate without computers following a breach. The full survey results can be viewed here: https://staysafeonline.org/small-business-target-survey-data/
"Cybersecurity remains a serious threat for businesses and consumers alike, so it is encouraging to see more businesses educating themselves about cybersecurity," said Daniel Eliot, NCSA's director of education & strategic initiatives. "As a result, they are learning that they are not immune to attacks – as many small businesses once believed – and are learning to better protect themselves and their most important assets."
Despite small businesses' increased knowledge about cybersecurity, devastating data breaches are not unheard of. More than a quarter (28%) of survey respondents have experienced an official data breach within the past 12 months. As a result, 37 percent of those suffered a financial loss, 25 percent filed for bankruptcy and 10 percent went out of business.
Other survey highlights include:
Larger companies are better prepared for a cyber breach – 73 percent of businesses with 251-500 employees have a response plan that they can immediately put into action and 44 percent would be able to fully operate without computers (for companies with 1-10 employees the respective numbers are 37% and 26%).
51 percent of small business decision makers believes that smartphones pose just as much cyber risk to their organization as computers do, while an additional third (31%) believe they pose more risk.
63 percent have a clearly articulated process for employees to report potential cyberthreats to leadership, and 73 percent have a clearly articulated business process that outlines how employees should securely dispose of equipment and data.
41 percent of businesses back up their business data on a daily basis while almost a quarter (21%) do it multiple times per day.
The National Cyber Security Alliance encourages all businesses to implement a cybersecurity program based on the National Institute of Standards and Technology Cybersecurity Framework:
Identify and understand which business assets ("digital crown jewels") others want
Learn how to protect those assets
Detect when something has gone wrong
Respond quickly to minimize impact and implement an action plan
Learn what resources are needed to recover after a breach
The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, which co-leads NCSAM with NCSA, is conducting a survey on cybersecurity issues in the small and mid-sized business (SMB) community and welcomes organizations' participation. The survey focuses on companies' awareness and use of the NIST Cybersecurity Framework. The voluntary survey addresses companies' familiarity with the Framework, their perceptions regarding potential barriers to using the Framework, their concerns related to cybersecurity, as well as how those concerns rank relative to other business priorities. It also seeks companies' suggestions for strengthening the overall cybersecurity posture of SMBs.