Small business owners who haven’t considered a thorough cybersecurity plan may soon find themselves without a business to protect. Hackers became more active and empowered than ever during the global coronavirus pandemic. And small businesses have historically had difficulty recovering from a significant security breach.
Cybercriminals have gained access to more small businesses than ever through several catastrophic breaches. Simply reacting to such attacks is no longer a legitimate option. Business owners must be proactive with their cybersecurity to survive and thrive.
Security Breaches Can Be Devastating to Small Businesses
According to CNBC, hackers targeted small businesses 43% of the time, which might be because only 14% were prepared to defend themselves.
Different reports have produced different estimates of the cost of these infiltrations, but none are cheap.
The Hiscox Cyber Readiness Report of 2019 stated that the average cost of a cyberattack on a business was $200,000. That’s certainly a tough pill to swallow. But it pales in comparison to the figure reported by the Ponemon Institute and IBM.
Their 2020 Cost of Data Breach Report stated that the average data breach cost $3.86 million in 2020. That would be a devastating number for many bigger corporations, let alone a small business.
And the fallout is real.
More Troubling Statistics About Small Businesses & Cybersecurity
According to the National Cyber Security Alliance, 60% of companies go out of business within six months after falling victim to a data breach. That makes total sense considering the high costs of such a breach. But what’s surprising and tragic is that most firms still don’t view cyberattacks as a legitimate threat.
Keeper Security’s 2019 SMB Cyberthreat Study found that 66% of senior decision-makers at small businesses believed they were unlikely to be targeted by criminals.
An Inc.com report drew from data gathered from CEOs of over 1,300 small to mid-size businesses. More than 60% of the firms didn’t have an up-to-date cybersecurity strategy or any strategy at all.
As cybercriminals get smarter and more active, small businesses must match their evolution or get left in the dust.
Why Do Data Breaches Cost So Much?
You might wonder how these reports land on such high figures for data breach costs. It starts with the cost of hiring experts. In most cases, firms must conduct a forensic audit to determine how they were infiltrated. Audits can cost anywhere from $10k to over $100k, depending on the business size.
When customer data is leaked, the firms can be fined tens of thousands of dollars for the breach.
Many companies pay the price in time. Each business must thoroughly investigate how many people and aspects of their company were threatened by the attack. Each individual who may be at risk must be contacted, and that list can get quite large if, say, you own a restaurant and the data from your credit card transactions are leaked. If the breach is particularly sinister, aspects of the business may be forced to shut down altogether until the problem is fixed.
But perhaps the biggest cost is reputation. In 2019, Deloitte determined that up to 90% of the total costs in a cyberattack occur ‘beneath the surface.’ These hidden costs can affect businesses years after a breach. They include loss of trust in the business, diminished brand reputation, and increased costs of debt financing. And these costs are not covered by any insurance.
And then there are the potential costs of a cybercriminal asking for a hefty ransom in exchange for your leaked files. Although we recommend not paying ransoms, some firms will inevitably choose differently.
In almost every case, businesses could reduce costs simply by having a plan.
How Can You Protect Your Business?
The only way to protect your business is to be prepared. First and foremost, you should consult with a cybersecurity expert. Budget permitting, you should have an expert available to respond to any breach.
But even if you can’t afford to hire a full-time cybersecurity professional, there are simple steps you can take to mitigate risk.
- Require long, varied passwords for any sensitive accounts
- Enable two-factor authentication for any sensitive accounts
- Invest in basic cybersecurity training so employees can avoid common pitfalls such as social engineering
- Install and regularly update anti-virus software
- Limit employees’ access to sensitive data
- Conduct regular vulnerability tests and risk assessments
And if you think you’ve been hacked or just want to get proactive on your cybersecurity journey, don’t hesitate to contact us.
Featured image by dp.VUE.images from Shutterstock.com