Advertisement

Small businesses especially vulnerable to hackers — report

More than half of small businesses have suffered a cyberattack or data breach in the last 12 months, and one-third don't know how it happened, according to a recent report.

More than half of small businesses have suffered a cyberattack or data breach in the last 12 months, and one-third don’t know how it happened, according to a recent report.

The Ponemon Institute surveyed almost 600 IT staff from businesses with fewer than 1000 employees — 70 percent of them in supervisory or management roles. The resulting report, said institute founder and Chairman Larry Ponemon, “sheds light on the specific challenges this group [of businesses] faces.”

The report, sponsored by password manager and “digital vault” purveyor Keeper Security, Inc., paints a depressing picture of the state of cyber-readiness of the nation’s small businesses.

Only 14 percent of the companies surveyed rated their cyber defenses as highly effective, principally because personnel and budgets aren’t sufficient. 

Advertisement

But there’s also a problem in IT security decision-making, according to respondents. CEOs and CIOs are the most likely executives to be decision-makers, but more than one-third (35 percent) of companies don’t have a single centralized decision-maker for IT security.

Sixty percent of respondents said they rely upon strong passwords and/or biometrics to reduce the risk of a breach, but 56 percent said they do not have or are unsure if their company has a policy on employees’ use of passwords or biometrics, such as a fingerprint. And 59 percent said they lack visibility into employees’ password practices, such as the use of unique or strong passwords.

Fifty percent of respondents had suffered a cyberattack, and 55 percent experiences a data breach within the past 12 months.

The most prevalent cyberattacks experienced by small businesses were web-based and phishing/social
engineering attempts. The most common cause of data breaches was a negligent employee or contractor (48 percent), or a third-party error (41 percent). But nearly one-third (32 percent) didn’t know what the cause was.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email Shaun.Waterman@FedScoop.com, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at CyberScoop.com.

Latest Podcasts