Twenty-eight percent of SMBs experienced a data breach within the past 12 months – and among those that did so, 37 percent suffered a financial loss, 25 percent filed for bankruptcy, and 10 percent went out of business, a recent Zogby Analytics survey of 1,006 small business decision makers found.
The survey, commissioned by the National Cyber Security Alliance (NCSA), also found that awareness of the threat is increasing. Fully 88 percent of respondents believe their companies are at least a "somewhat likely" target for cybercriminals, and 46 percent believe they're a "very likely" target.
And SMBs are responding in kind. Forty-six percent of respondents feel "very prepared" to respond quickly and appropriately to limit the impact of a data breach or cyber security incident.
Fifty-eight percent say they have a response plan they can immediately put into action, and 36 percent say they would be able to fully operate without computers following a breach.
Processes in Place
Sixty-three percent of respondents have a clearly articulated process for employees to report potential cyber threats to leadership, and 73 percent have a clear process that outlines how employees should securely dispose of equipment and data.
"Cybersecurity remains a serious threat for businesses and consumers alike, so it is encouraging to see more businesses educating themselves about cyber security," NCSA director of education and strategic initiatives Daniel Eliot said in a statement.
"As a result, they are learning that they are not immune to attacks – as many small businesses once believed – and are learning to better protect themselves and their most important assets," Eliot added.
Fifty-one percent of respondents believe smartphones pose just as much of a risk to their organization as computers do, and 31 percent believe they pose more risk. Forty-one percent of businesses back up their data on a daily basis, and 21 percent do so several times a day.
A separate Ponemon Institute survey of 2,391 IT and IT security practitioners worldwide found that 76 percent of U.S. companies were attacked in the last 12 months, up from 55 percent in 2016.
Eighty-two percent of U.S. respondents, more than any other region, have experienced a cyber attack in their organization's lifetime. Still, 88 percent of U.S. respondents said they spend less than 20 percent of their overall IT budget on security.
Attacks are becoming more sophisticated, with phishing (57 percent), compromised or stolen devices (33 percent) and credential theft (30 percent) among the most common attacks targeting SMBs worldwide.
And while 48 percent of respondents access more than half of their business-critical applications from mobile devices, 49 percent said the use of mobile devices to do so diminishes their organization's security posture.
"Cybercriminals are continuing to evolve their attacks with more sophisticated tactics, and companies of all sizes are in their crosshairs," Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.