It is no longer if, but when, your business will experience an internet based attack. Some 250,000 new malware items are released onto the internet every day. There are increased risks from ransomware that encrypt data and lock you out of your own system.
The impact of a cyber-attack to your company's brand, reputation, and business operations can be catastrophic. In 2015, 74% of SMBs reported a data breach of some kind in 2015. 60% of SMB’s that suffer a significant breach close their doors within 6 months.
SMBs are targeted because:
Limited IT infrastructure budget.
Absence of IT security procedures and policies
Insufficient awareness amongst employees
No dedicated IT specialist on the payroll.
SMBs viewed as entry point to larger more lucrative targets.
Outsourcing of security to unqualified contractors or system administrators
It’s a combination of a things that takes a business down. Usually there is no breach response plan in place. Even if they survive the cost of the business interruption, the cost of remediation or the loss of reputation might deliver the crippling blow. The final nail in the coffin is sometimes the legal action that emerges during the aftermath of the cyber-attack.
Emerging data breach notification laws are establishing standards on the methods, information, and time frame for notifying parties that have been breached. Industry reports estimated that 62% of cyber-attacks are aimed at SMEs (Source: BIS and PwC) with the average cost of a data breach costing between $90k and $170k (Source: Association of British Insurers). Research by Forbes suggest that 60% of SMEs close within 6 months of a significant cyber-attack
Penalties exist for ignoring such new laws. According to a recent NetDiligence® report, the cost for a small business forensic investigation ranges from $20,000 to $60,000. Combine that with the costs for notification, reputational damage and the possibility of regulatory fines and litigation from affected parties, and it is no surprise that 60% of small to medium sized businesses close within six months of a cyber-attack.
The threat is real and something must be done, but what small business has the time or money to address all this complicated, constantly evolving internet security stuff?