McAfee has announced the release of startling research that reveals the true cost of cyber attacks on small and medium sized businesses (SMEs). A key misconception revealed by the survey is that many SMEs feel they are too small to be targets for cybercriminals.
After sampling 500 IT decision-makers from companies with 1000 to 2000 employees, the report reveals that a third (32 percent) of small and medium businesses in the United States and Canada have been attacked more than four times by cybercriminals in the last three years.
The research concludes that a quarter of those attacked (26 percent) took at least a week to recover, a devastating length of time to be offline for small businesses who conduct business and sales via the Web. Recovery time in Canada was even greater, with a third (36 percent) taking a week or more to fully restore their systems.
The report highlights the gap between the perceptions of SMEs towards security issues and the realities of cyber attacks. Key statistics from the research include:
• Too small to matter: 44 percent think cybercrime is only an issue for larger organizations and believe it does not affect them
• Not all in a name: 52 percent of businesses believe that because they are not well-known so cybercriminals will not specifically target them
• Undervaluing can be costly: Almost half (45 percent) do not think they are a 'valuable target' for cybercriminals
• Monetary misconceptions: 46 percent do not think they can be a source of profit for cybercriminals
"For businesses of all sizes, viruses, hacker intrusions, spyware and spam can lead to lost or stolen data, computer downtime, decreased productivity, compliance issues, lost sales and even loss of reputation," said Darrell Rodenbaugh, senior vice president of the mid-market segment at McAfee. "Just because a business is small does not mean it is immune to security threats."
Sixty minutes or less
SMEs are allowing themselves to be vulnerable to IT attacks by failing to allocate an appropriate amount of time and resources to security. Almost half of SMEs (42 percent) dedicate just one hour a week to proactive IT security management, despite the fact that almost one in five (21 percent) acknowledged that an attack could put them out of business.
"Since many of the SMEs surveyed have just one hour per week to spend on IT security, our advice is to find a trusted partner that can help them assess their risk," said Rodenbaugh. "Choosing a managed solution and outsourcing security helps SMEs free up their time to focus on other priorities and feel confident that their IT security needs are being covered by an expert. It can also mean security technologies that are otherwise out of their price range will be available to them."
A false sense of security
SMBs may not be as safe from security attacks as they think. Eighty-eight percent of respondents believed they were 'adequately protected,' yet 43 percent of them admitted that they simply accept the default settings on their IT equipment, settings which are often not in line with their specific business needs.
The research, conducted by MSI, questioned 500 IT decision makers in organisations in the United States and Canada.