Small businesses especially vulnerable to hackers — report

More than half of small businesses have suffered a cyberattack or data breach in the last 12 months, and one-third don’t know how it happened, according to a recent report.

The Ponemon Institute surveyed almost 600 IT staff from businesses with fewer than 1000 employees — 70 percent of them in supervisory or management roles. The resulting report, said institute founder and Chairman Larry Ponemon, “sheds light on the specific challenges this group [of businesses] faces.”

The report, sponsored by password manager and “digital vault” purveyor Keeper Security, Inc., paints a depressing picture of the state of cyber-readiness of the nation’s small businesses.

Only 14 percent of the companies surveyed rated their cyber defenses as highly effective, principally because personnel and budgets aren’t sufficient. 

But there’s also a problem in IT security decision-making, according to respondents. CEOs and CIOs are the most likely executives to be decision-makers, but more than one-third (35 percent) of companies don’t have a single centralized decision-maker for IT security.

Sixty percent of respondents said they rely upon strong passwords and/or biometrics to reduce the risk of a breach, but 56 percent said they do not have or are unsure if their company has a policy on employees’ use of passwords or biometrics, such as a fingerprint. And 59 percent said they lack visibility into employees’ password practices, such as the use of unique or strong passwords.

Fifty percent of respondents had suffered a cyberattack, and 55 percent experiences a data breach within the past 12 months.

The most prevalent cyberattacks experienced by small businesses were web-based and phishing/social
engineering attempts. The most common cause of data breaches was a negligent employee or contractor (48 percent), or a third-party error (41 percent). But nearly one-third (32 percent) didn’t know what the cause was.