Email Security

    Nearly Half of All Breaches are on SMBs

    Convince the cybersecurity skeptics with this and other data points.

    by Ed Jennings

    When you're making your case for cybersecurity solutions back to your business/finance colleagues at your small-to-medium sized organization, it's helpful to have cold, hard facts from the cybersecurity world to help make your argument.

    This spring, there has been no shortage of such releases of information. So, in this week's edition of Bridging the Cyber Divide, we’re looking at some key findings from several recent cybersecurity-related reports and surveys that you can use to help make your case.

    New Study: SMBs at Major Risk for Cyber Breaches

    Every year, Verizon releases its Data Breach Investigation Report (DBIR) where they examine thousands of data breaches and security incidents across the world and provides a summary of their findings. Their 2019 version was released earlier in May and the information included should be a major wakeup call to non-technical folks in your organization. Here’s what they found:

    43% of all breaches happen at small businesses. For any naysayer in your SMB organization who thinks you couldn’t possibly be the target of a cyberattack—or that you won’t have any kind of security incident in general—this number should provide a strong retort.

    C-level executives are 12 times more likely to be the target of security incidents and nine times more likely to be the target of data breaches than in the 2018 DBIR.

    Financial gain is the top driver for all data breaches. Again, no surprise here. Attackers don’t really care who you are, how big your business is or what your revenue figures look like. They’re looking to get their hands on money anyway they can.

    We’ve talked quite a bit about the supply chain in this series of posts. If you work with bigger businesses, odds are they will try to use your security weaknesses as a way into the larger businesses, and get access to their money. This is something to keep in mind as you consider advanced security solutions.

    More than half (56%) of data breaches took months or longer to discover. Having the right data breach prevention and detection mechanisms in place is critical for successfully stopping and recovering from these types of incidents. Small businesses can’t afford to let these incidents go undetected. As we’ve noted before, sometimes they don’t recover at all.

    Attacks on SMBs Aren’t Stopping 

    Much of what Verizon found in their DBIR tracks with the findings of a recent Vanson Bourne survey commissioned by Mimecast of global IT decision-makers. Here are some of the key takeaways specific to small-to-medium sized businesses:

    Attacks aren't going away. For organizations with between 250 and 499 email users, 66% saw an increase in impersonation fraud in the last year, with 53% seeing more phishing with malicious links or attachments and 41% experiencing more internal threats or data leaks.

    The serious losses of impersonation attacks. Of those smaller organizations who experienced impersonation attacks, 38% suffered data loss while 24% dealt with direct financial loss. Some 29% had employees lose their jobs over these attacks, while 21% lost customers.

    Existing email systems aren't keeping up. Email security systems are sometimes not up to the task for SMBs either. When it comes to monitoring and protecting against email-borne attacks or data leaks in internal-to-internal emails, 38% don't believe their system is up to the task.

    A similar number feel the same when it comes to protections for outbound emails (39%) and automated detection and removal of malicious emails that have already landed in employees' inboxes (38%).

    Cyber resilience needs to be a bigger priority. Among the SMBs surveyed, 42% said they had a cyber resilience strategy, which is slightly lower than the average of all organizations (46%) and the lowest of all email user seats bands in the survey. While the message about cyber resilience is resonating (about 45% of SMBs are rolling out a strategy now or within the next 12 months), there is still much work to do in these areas.

    We’ll have more of this info and what it means for organizations of all sizes in our upcoming 2019 State of Email Security report out later this spring.

    The Best of the Rest

    Here are a few other stats we discovered so far this year that should help you make your case:

    • 67% of organizations report being breached at some point in the past, and 86% of US organizations plan to increase their cybersecurity spending in 2019. (Thales)
    • More security vulnerabilities were publicly disclosed in the first quarter of this year than in any previous three-month period. (Dark Reading)
    • 60% of organizations in the US and UK have been breached in the last two years and 31% had been breached more than once. (Forbes)

    With all this info, making your argument should be that much easier. Good luck.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top