More data points are available to make your resilience case.


If you’re making the case for cyber resilience at your small to medium-sized organization, there is a whole slew of new data out there to help make your argument.

Our ongoing blog series Bridging the Cyber Divide is all about helping you—the IT/security professional at a small-to-medium sized organization—convince non-technical folks who make budgetary decisions that enhanced security for your critical systems isn’t just a luxury but a necessity.

Cisco has released a treasure trove of new data specifically for small to medium-sized businesses in its new Cybersecurity Special Report for Small and Midmarket Businesses, and it should help you make your case.

What follows are some key highlights, as well as some nuggets from new Mimecast research along similar lines.

SMBs increasingly are a cyberattack target

Cisco surveyed 1,816 respondents in 26 different countries for the small and midmarket section of their survey.

Defining the midmarket as organizations with between 250 and 499 seats, Cisco found that 53% of companies in the midmarket experienced a breach in 2018. While 29% of these companies said the breaches cost them under $100,000, 20% said the breaches cost them between $1 million and $2.5 million.

When it comes to downtime as a result of a breach, organizations also find themselves in a costly position. Of those midmarket companies surveyed, 40% said they experienced eight hours or more of downtime due to a severe breach in the last year. The impact of these breaches can be wide-ranging—39% said at least half of their systems were damaged by a severe breach.

That type of impact can be extremely detrimental to smaller organizations, and the smaller the org the more impactful that breach will be. Organizations with interconnected systems, which is likely to be the case with smaller seat counts, could face more serious consequences as a result if they aren’t protected correctly.

Mimecast’s own research commissioned by Vanson Bourne shows similar alarming increases for small-to-medium sized organizations. For those between 250 and 499 seats, organizations globally saw phishing attacks with malicious links or attachments increase 53%, impersonation attacks increase 66% and internal threats or data leaks increase by 41% over the course of 2018.

Among the same group, 45% experienced either a direct financial loss or loss of customers due to the impacts of an email-based impersonation attack. Despite this, nearly 40% of those impacted by these attacks considered data loss to be the costliest factor associated with their aftermath.

Similarly, about 40% of global orgs of this size don’t believe their current security system can sufficiently protect them from the impacts of email-borne attacks or data leaks in internal-to-internal emails, outbound emails or automated detection and removal of malicious emails that have already landed in employees' inboxes.

Why cyber resilience for the midmarket is critical

You may recall, back when we started this series, we cited an alarming statistic from the National Cyber Security Alliance: 60% of small businesses that suffer a cyberattack are forced to go out of business within six months. And we told you about a small online retailer in the US Midwest where exactly that happened: one click on a bad link led to cleanup and loss of business that was so costly they were forced to close up for good.

Going back to that figure from the Cisco report about how 1 in 5 midmarket companies needed between $1 million and $2.5 million to clean up after an attack, you get a sense of the real cost of these types of breaches.

If the folks at your organization who don’t deal with security on a day-to-day basis throw up red flags when you ask them to consider spending on enhanced security, these alarming monetary figures are strong items you can use to back up your argument.

You can ask what kind of contingency funds the organization has in place for when you get breached. It’s safe to say many small to medium-sized companies may not have upwards of $2.5 million at the ready to deal with the aftermath of a breach.

It may take work, but you need to be prepared to make your case back to your organization about why you need to go to this expense to protect your users and your critical IT infrastructure.

The last thing you want is to end up in a statistic such as the ones we’ve seen so far.

Here are other posts in this series:

Supply Chain Attacks in the Real World

New Year, New Prices

'Tis the Season For Hacking

You're the Weak Supply Chain Link

Making the Resilience Case
