80% of U.S. small businesses have no cyber security policies in place
do to protect their information.
The respondents’ sense of security is especially unwarranted given that 40 percent of all targeted cyber attacks are directed at companies with less than 500 employees, according to Symantec data. In 2010 the average annual cost of cyber attacks to small and medium sized business was $188,242. What is more, statistics show that roughly 60 percent of small businesses will close up within six months of a cyber attack .
According to the Norton Cybercrime Report, the total cost of cyber crime to consumers and small business owners alike, is greater than $114 billion annually.
“We recognize that most small business owners are focused on running their businesses, and have limited resources and IT staff dedicated to managing their cyber security needs. Unfortunately, cyber criminals are increasingly making small businesses their targets, knowing they are likely to have fewer safeguards in place to protect themselves,” said Cheri McGuire, Vice President of Global Government Affairs and Cybersecurity Policy at Symantec.
“It’s important for small businesses to educate their employees on the latest threats and what they can do to combat them. Education, combined with investment in reliable security solutions, provides small business owners with a well-rounded approach to protecting their businesses and managing cyber risk.”
“The threats grow in number and complexity each day, but too many small business owners remain naively complacent,” said NCSA executive director Michael Kaiser. “The stakes are high for individual businesses and the nation as a whole: a single malware attack or data breach can be fatal to a small enterprise but the collective vulnerability of all our businesses is a major economic security challenge.”
The survey also found that 69 percent of their businesses handle customer data while about half (49 percent) handle financial records, one-third (34 percent) handle credit card information, one quarter (23 percent) have their own intellectual property, and one in five (18 percent) handled intellectual property belonging to others outside their company. When asked to rank the top concern of small business owners while their employees are on the Internet, 32 percent reported viruses, 17 percent spyware/malware and 10 percent reported loss of data. Yet only 8 percent are concerned about loss of customer information, 4 percent about loss of intellectual property and only 1 percent worry about loss of employee data, even though cyber security experts believe the loss of any of this kind of information would be devastating to a business.
Overall, cyber vulnerabilities and threats are steadily on the rise, according to the “Symantec Internet Security Threat Report, Trends for 2010,” the latest version of the company’s annual cyber security study. For example, the report found a 9 percent increase in web-based attacks.
In addition to struggling with the basics, many small businesses are failing to keep up with the increasing adoption of mobile and social media platforms. Just 37 percent of U.S. small businesses have an employee policy or guidelines in place for remote use of company information on mobile devices and just over one in three (36 percent) maintains a policy for employees’ use of social media.
Social networking platforms now provide hackers with the ability to easily research targets and develop powerful social engineering attacks. Smart phones and other mobile devices are also poised to play a large role with a sharp 42 percent rise last year in the number of reported security vulnerabilities, according to Symantec’s 2010 report.
Experts say that strong password protections, protecting USB devices and wireless networks matter to a firm’s security posture. Yet, a majority of firms (59 percent) do not use multifactor authentication (more than a password and logon) to access any of their networks. Only half (50 percent) reported they completely wipe data off their machines before they dispose of them and 21 percent never do. Two-thirds (67 percent) of U.S. small businesses allow the use of USB devices in the workplace.
The study was an online survey of 1,045 small business owners conducted by Zogby International from 9-21 September 2011. The survey had a margin of error of +/- 3.1 percentage points.