Data breach is causing a lot of headaches among global businesses, and it does not seem to slow down anytime soon. In the US alone, businesses and customers suffered 1,120 total breaches and more than 171 million record exposures during the first 10 months of 2017, according to Identity Theft Resource Center (ITRC). Furthermore, its impact is growing as the average cost of a data breach in 2017 has been reported to be $3.62M globally and $7.35M in the US, according to 2017 Ponemon Cost of Data Breach Study.
These numbers may reflect only the reality that big enterprises face; however, to small and medium-sized businesses (SMBs), data breach is a threat that is just as clear and present. In 2016, Symantec’s Internet Security Threat Report reported that43% of data breaches were targeted at SMBs.
Data Breaches Hit SMBs Harder!
Data breaches cause SMBs the financial, reputational, and other organizational damages. A report by Kaspersky Lab shows that average cost of a data breach for SMBs was measured at $117,000 per incident, while more potent and targeted breach cost SMBs $188,000 on average. Some of the key spendings on damage control were as below.
- Hiring professional experts and preparing employee training programs
- Lost customers or business
- Lowered credit rating and increased insurance premiums
- Software and infrastructure improvement
- Brand image reparation and customer compensation
Monetary loss or business setbacks like above may not be the end of what data breaches can inflict the SMBs; data breaches can lead to business bankruptcy as SMBs are most likely to be lacking in the capital and resources to handle such impact. To According to UPS Capital, “60% of smaller businesses are out of business within six months of suffering a cyberattack.”
Why Do SMBs Suffer More?
SMB owners already have more than enough responsibilities to drive their business forward with limited capital and resources, and this puts data security in a less prioritized position, where it gets either neglected or overlooked without any seriousness. SMB owners and employees are generally unaware of the current state and potential damage of data breach; therefore, they naturally become good, naïve targets of opportunity for the cyber criminals, whether they are inside or outside the organization. This lack of awareness ties closely into the nature of data breach, being not only malicious but also accidental, as most breaches are in fact, caused by mistakes like negligent employees mishandling security configurations or employees clicking wrong links online. Not only that, the limitation of capital and resources will lead to difficulty in covering the costs of implementation of technical measures and damage control. The absence of technical measures undoubtedly puts SMBs in a vulnerable position, which is exposed to data breach threats from various fronts.
Say that SMBs were familiar with and prepared for data breaches, the measures which they implemented can turn out to be insufficient as security gaps can unexpectedly emerge, opened to exploitation by data breach threats. This issue can be considered as a by-product of current trend of data security industry that is focusing on providing enterprise-grade security that demands high investment, dedicated IT resources, and complex configurations. Thus, SMBs are finding it difficult to find the right solutions that will meet their specific requirements, and they are left to settle for cost-effective alternatives that are less capable.
If you, as an SMB owner, have experienced or are worried about data breaches, the important thing is to start seriously considering the potential risks now, and not after the damage has been done. With lack of awareness, capital, and resources, SMBs can be left unsure on “how and what” to do to prevent data breaches. Head to our next blog to learn how SMBs can establish their data security against data breach threats from outsiders and insiders.