Techaisle Study Finds Cybersecurity Breaches Cost SMBs and Midmarket Firms Millions

According to a survey of 2035 businesses conducted by Techaisle, cybersecurity breaches cost SMBs (1-999 employees) an average of US$1.2 million in data, productivity, compliance and regulatory expenses, and staffing costs. In contrast, upper-midmarket firms (1000-4999 employees) suffered an average loss of US$28.6 million. The research also revealed that 56% of SMBs and 88% of upper midmarket firms experienced at least one cyberattack in the past year.

SMBs and midmarket firms recognize that a security breach can have significant business implications. When asked about the potential impact of a breach, 54% of firms stated that it would damage their customers’ privacy, 49% believed it would erode customer trust in their business, and 44% saw it as damaging to their company’s reputation. Nearly one-quarter reported that a breach would have a substantial negative impact on their bottom line. Security is not just an issue but also a critical factor in defending against threats to trust, compliance, and financial viability.

Security is a critical concern for SMBs and midmarket firms. While technology is essential for productivity, growth, and profitability, it also exposes businesses to potentially devastating security breaches. Many SMB firms practice “security through obscurity,” hoping that attacks will target larger organizations while they keep a low profile. However, with enough hackers, scammers, and cybercriminals to go around, every conscientious SMB executive must address security threats and take action to safeguard their business against other threats, such as loss of customer trust, compliance with laws and regulations, and loss of financial solvency.

Techaisle survey indicates that SMBs have IT security on their agendas, with 85% of SMBs and 100% of upper midmarket firms considering it a critical concern. A closer look at the findings shows that other important issues for SMBs, such as cloud and hybrid work, cannot be implemented without an effective security approach.

SMBs and midmarket firms often need help establishing a starting point for IT security. They want to protect their data, users, networks, and devices that enable access to data through the network. They also want to expand their technology-enabled business activities by capitalizing on cloud and mobility, but security remains a significant issue.

Cybersecurity can be a daunting challenge due to the complexity of technology and the menacing nature of threat sources. The complexity arises from the fact that security issues fall into multiple categories. Multiple ‘threat vectors’ apply to each SMB’s IT and business infrastructure layer. SMB management is concerned about malware attacks on PCs that can inhibit productivity and damage data, as well as the potential for identity theft, network intrusions, and lost or stolen devices that can compromise customer privacy or open the door to fraud. SMBs who embrace the cloud to enhance service levels and automate business processes also worry about the security of data housed by suppliers and potential breaches when communicating with remote hosts.

Faced with a dizzying variety of threats, SMBs have developed an investment approach that aligns scarce resources with areas of most significant exposure and a willingness to expand defense resources over time. With many urgent priorities, it can be challenging for an SMB to focus on expanding its IT security defenses. The question of when enough is enough is not answered by the spending allocated to cybersecurity but rather by the balance of supply and demand. For example, an organization that only uses email would need a simple set of security products such as anti-spam/email security and an anti-malware suite. An organization with a more expansive set of applications and data running on mobile, web-connected devices would need a modest expansion to their security infrastructure, perhaps adding MDM/MAM and DLP systems. However, SMBs and midmarket firms want to take advantage of advanced technologies such as collaboration tools and cloud-based systems to drive productivity, increase contact with customers and prospects, and access advanced applications that enable them to compete with larger organizations.

Each new use of technology can significantly increase a business’s capabilities. However, it also increases the business’s attack surface - the number of ways it is exposed to security threats. Attackers are resourceful and creative, and each new surface and breakthrough on the ‘dark side’ of technology increases the threat vectors or possible avenues of attack that an SMB must defend against.

The familiar maxim “the best defense is a good offense” has been quoted by military and political strategists, legal and business circles, and virtually every sports context. Sports provide an especially instructive analogy, with many, including basketball, soccer, and hockey, emphasizing the ‘transition game’ - the point at which defense turns into offense and a team can make headway towards scoring rather than simply defending its position. An approach to IT security that moves beyond ‘safe’ to ‘empowered’ allows SMB executives to reap tangible agility benefits that differentiate their organizations. This approach covers the need to safeguard assets and relationships and the potential to establish a platform for ongoing success.

The cloud allows SMBs to access computing power and applications previously only available to much larger organizations. It is a significant business resource for SMBs, with Techaisle research showing that it is the most crucial element in SMB technology strategies for building agility and competitive advantage. However, the cloud also adds to the attack surface, opening new vectors that cybercriminals can exploit. SMBs who commit to the cloud must consider adding data and network encryption and other security practices and technologies to their existing PC and data-focused security technologies to ensure that their use of the cloud as a business enablement tool does not harm them.

In conclusion, cybersecurity is a critical concern for SMBs and midmarket firms. The potential impact of a security breach can be devastating, with significant financial losses and damage to customer trust, privacy, and company reputation. While technology is essential for productivity, growth, and profitability, it also exposes businesses to potentially devastating security breaches. SMBs must proactively approach IT security, aligning scarce resources with areas of most significant exposure and expanding defense resources over time. An effective security approach is essential for implementing other important issues, such as cloud and hybrid work. By addressing security threats and taking action to safeguard their business against other threats, such as loss of customer trust, compliance with laws and regulations, and loss of financial solvency, SMBs can reap tangible agility benefits that differentiate their organizations.