Photo of man using a laptop computer with hooded sweatshirt on

A Cyber Breach Puts More Than Your SMB’s Reputation At Risk

7 Nov 2016 by Bob Violino

This article originally appeared on November 4, 2015, and has been revised to bring our readers the most up-to-date technology information.

A cyber breach against a small company can bring operations to a halt, and can even put the company out of business. Even a single incident that damages the firm’s reputation or compromises the integrity of its digital storefront can result in unrecoverable losses.

Cyber security breaches can hurt any type of organization. But for small and medium businesses (SMBs), the results can be especially devastating because there’s often not as much of a safety net in place. Smaller companies, in most cases, can’t afford the backup facilities, nor do they have the security expertise or budget to quickly recover from cyber intrusions.

As Forrester Research points out in its 2015 report, “Understand The Business Impact And Cost Of A Breach,” security incidents can result in variety of costs to organizations:

“After a breach, there will be many costs associated with winning back customers and rebuilding customer loyalty, all of which can vary widely depending on your business and industry. Typically, banks and hospitals are affected the least here, since consumers are averse to the hassle of changing from one bank or hospital to another. Retailers, restaurants and hotels may see greater fluctuations as consumers can more easily take their business elsewhere. B2B companies can face brand costs in the form of delayed contract agreements and lost business as well. Most organizations have a good idea of how much it costs, on average, to acquire a new customer as well as average spending per customer and can thus extrapolate the total recovery costs and lost revenue.”

As reported by CIO, SMBs can incur a number of costs because of a cyber security breach. These include: the business that is lost during an attack; litigation from those who’ve suffered because of the attack; the costs of bolstering security following the attack; and the damage to the company’s reputation, which often has long term negative side effects.

Cyber breach statistics

The most current cyber breach statistics paint a scary picture of just how vulnerable SMBs are to data breaches. According to an IBM report (see chart below), cyber security breaches cost an average of $154 per record stolen. 

Bar graph showing probability of data breach

A Security Intelligence report outlines that between 2009 and 2013, the most common reason for a security breach was theft. Most were caused by unauthorized access, and nearly all breaches resulted in a loss to the entity.

Graph showing the types of data breaches

A related Symantec report from 2016 found that ransomware threats grew by an astounding 35% this past year alone. In par with this report is the findings of a Bit Sight report, which outlined the fact that 54.8% of US companies are not prepared for a cyber attack, with the average grade of “C” or lower marking the lack of preparedness. Most commonly, data breaches are caused by an insider, whether they are aware of it or not.

Pie chart showing the causes of data breaches

So what can smaller businesses do to prevent a cyber security breach? Here are a few suggestions:

  • Hire an experienced service provider. Many smaller companies lack the internal expertise and experience to build a comprehensive security program, or to properly maintain security functions on an ongoing basis. Lots of managed services are available to provide this type of expertise, and many offer affordable services to SMBs as well as larger companies. Among the services provided are consulting, network perimeter management and monitoring, and penetration testing as well as vulnerability assessments. To better balance spending, SMBs should consider outsourcing to certain service providers outright.
  • Develop a strong mobile security initiative. Mobile technology in the workplace is one of the fastest-growing trends in IT, with many workers using smartphones, tablets and other devices to support job functions. This is often true for SMBs, which allow employees, such as salespeople, technicians, engineers and consultants, to use mobile devices when they’re on the road or working from home. This presents a number of potential security challenges, such as loss or theft of devices, or unauthorized access to networks. In addition to setting definitive polices about how devices should be used, SMBs can adopt certain products, such as enterprise mobility management, to better control their mobile environments, and keep data and systems secure.
  • Leverage data analytics and threat intelligence. Big data/analytics and threat intelligence services are not just for large enterprises. SMBs can use these capabilities without going over budget. By taking advantage of huge volumes of information available about security threats and vulnerabilities, small businesses can get a better handle on what dangers they need to look out for, and how they can better prevent cyber security breaches.

If you need an extension to your IT staff to help secure your SMB, contact Insight at 1.800.INSIGHT. To learn more about emerging security solutions and how they can impact your organization, visit us online.