Most SMEs severely underestimate cyber security vulnerabilities

Small businesses are the primary target for cyber attacks, yet most are unprepared and do not think they will be targeted, a survey reveals

Two-thirds (66%) of business leaders at companies with up to 500 employees do not believe they will fall victim to a cyber attack, a YouGov survey commissioned by security firm Keeper Security shows.

And cyber security is not a top priority for business leaders’ focus and efforts, despite the fact that 67% of businesses had been attacked in the previous 12 months, according to another study on security at small and medium-sized enterprises (SMEs) for Keeper Security by the Ponemon Institute.

The latest survey of 500 US business leaders at SMEs showed that only 12% understand the reality that an attack is very likely, no matter the size of the company.

“Businesses face a vulnerability crisis when it comes to cyber criminals, and this reality won’t get better until cyber security gets higher billing on their to-do list,” said Darren Guccione, CEO and co-founder of Keeper.

“Our survey findings show that a quarter of companies don’t know where to start with cyber security prevention and even more don’t think they will fall victim to an attack, but it’s time they dramatically changed their perspectives and put a plan in place.”

The study also revealed differences in perception between newer and more mature businesses, with companies in business for less than five years believing they are at a much higher risk than those operating for 10 or more years.

Of companies that have been in business less than five years, 28% believed they were “very likely” to be the target of a cyber attack, while only 6% operating for 10 or more years thought the same. The majority (70%) of businesses operating for 10 or more years thought a cyber attack was not very likely or not likely at all. 

Only 9% of respondents thought cyber security was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good. Nearly one in five (18%) ranked cyber security as the least important aspect. 

Respondents ranked a recession, damage to public reputation and a disruption to the business model as the main threats to their businesses. Cyber security was ranked last by more than one in five surveyed (21%), despite the fact that such an attack is likely to cause a disruption in business model and damage to public reputation.

The survey also revealed that most companies understand the critical role of passwords when it comes to security. The majority of respondents (69%) said passwords make them feel “confident” or “secure”, with 75% saying their firms had policies in place that encourage or require employees to update their passwords regularly.

However, 60% of respondents reported not having any prevention plan in place against a cyber attack. The survey report noted that, given the Verizon 2017 Data Breach Investigations Report (DBIR) finding that 81% of hacking-related breaches used stolen, weak or easy-to-guess passwords, the gap between reported password policies and the lack of prevention plans points to a disconnect in understanding that password security is itself a strategic prevention option.
