Small and medium-sized businesses (SMBs) remain critically unprepared for cyber attacks, according to new research.
An analysis of more than 1,000 risk assessments revealed that just 31 per cent of SMBs have identified threats and only half have assessed security attack targets or devised a response plan for an incident.
Meanwhile, just 43 per cent have sought to educate all of their employees about cyber threats and only 57 per cent have drawn up a plan of action to recover from incidents.
The findings come as the cost of attacks on smaller businesses grows, with hackers taking advantage of weak defences. The total average cost of the impact of cyber attacks and IT theft rose to more than $2m in 2017, according to the Ponemon Institute.
“These results highlight how unprepared many small business owners still are for cyber security attacks,” said John Ford, chief information security officer of ConnectWise, which carried out the research.
“Partly due to the intense media focus on massive security breaches like Equifax and Marriott, many SMBs continue to operate under the belief that security breaches only impact large enterprises.”
Sign up to Emerging Threats, our weekly cyber security newsletter
According to the National Cyber Security Alliance, 70 per cent of cyber attacks target SMBs, which have been described as “low-hanging” fruit by some security vendors.
A survey earlier this year revealed that directors of SMBs are more concerned about suffering a data breach than flooding, fires, transit strikes or burglaries. Amid growing concern about cyber attacks, ConnectWise has predicted that remote security will be the highest growth area in the managed services market over the next two years.