Email Security

    SMBs, Midmarket Continue to Be Massive Cyberthreat Targets

    More data points are available to make your resilience case.

    by Ed Jennings

    If you’re making the case for cyber resilience at your small to medium-sized organization, there is a whole slew of new data out there to help make your argument.

    Our ongoing blog series Bridging the Cyber Divide is all about helping you—the IT/security professional at a small-to-medium sized organization—convince non-technical folks who make budgetary decisions that enhanced security for your critical systems isn’t just a luxury but a necessity.

    Cisco has released a treasure trove of new data specifically for small to medium-sized business that should help you make your case in their new Cybersecurity Special Report for Small and Midmarket Businesses.

    What follows are some key highlights, as well as some nuggets from new Mimecast research along similar lines.

    SMBs increasingly are a cyberattack target

    Cisco surveyed 1,816 respondents in 26 different countries for the small and midmarket section of their survey.

    Defining the midmarket as organizations with between 250 and 499 seats, Cisco found that 53% of companies in the midmarket have experienced a breach in 2018. While 29% of these companies said the breaches cost them under $100,000, 20% said it cost them between $1 million and $2.5 million.

    When it comes to downtime as a result of a breach, organizations also find themselves in a costly position. Of those midmarket companies surveyed, 40% said they experienced eight hours or more of downtime due to a severe breach in the last year. The impact of these breaches can be wide-ranging—39% said at least half of their systems were damaged by a severe breach.

    That type of impact can be extremely detrimental to smaller organizations, and the smaller the org the more impactful that breach will be. Organizations with interconnected systems, which is likely to be the case with smaller seat counts, could face more serious consequences as a result if they aren’t protected correctly.

    Mimecast’s own research commissioned by Vanson Bourne shows similar alarming increases for small-to-medium sized organizations. For those between 250 and 499 seats, organizations globally saw phishing attacks with malicious links or attachments increase 53%, impersonation attacks increase 66% and internal threats or data leaks increase by 41% over the course of 2018.

    Among the same group, 45% experienced either a direct financial loss or loss of customers due to the impacts of an email-based impersonation attack. Despite this, nearly 40% of those impacted by these attacks considered data loss to be the costliest factor associated with their aftermath.

    Similarly, about 40% of global orgs of this size don’t believe their current security system can sufficiently protect them from the impacts of email-borne attacks or data leaks in internal-to-internal emails, outbound emails or automated detection and removal of malicious emails that have already landed in employees' inboxes.

    Why cyber resilience for the midmarket is critical

    You may recall, back when we started this series, we cited an alarming statistic from the National Cyber Security Alliance: 60% of small businesses that suffer a cyberattack are forced to go out of business within six months. And we told you about a small online retailer in the US Midwest where exactly that happened: one click on a bad link led to cleanup and loss of business that was so costly they were forced to close up for good.

    Going back to that figure from the Cisco report about how 1 in 5 mid-market companies needed between $1 million and $2.5 million to cleanup after an attack, you get a sense of the real cost of these types of breaches.

    If the folks at your organization who don’t deal with security on a day-to-day basis throw up red flags when you ask them to consider spending on enhanced security, these alarming monetary figures are strong items you can use to back up your argument.

    You can ask what kind of contingency funds the organization has in place in case for when you get breached. It’s safe to say many small to medium sized companies may not have upwards of $2.5 million at the ready to deal with the aftermath of a breach.

    It may take work, but you need to be prepared to make your case back to your organization about why you need to go to this expense to protect your users and your critical IT infrastructure.

    The last thing you want is to end up in a statistic such as the ones we’ve seen so far.

    Here are other posts in this series:

    Supply Chain Attacks in the Real World

    New Year, New Prices

    You're the Weak Supply Chain Link

    Making the Resilience Case


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page