When it comes to cybersecurity among small to medium businesses there’s a certain amount of herd mentality. Business leaders are aware there’s a risk, but they tend to assume some other unfortunate member of the herd will fall victim to predators while the rest of the herd continues to move on.
A survey of 509 senior business leaders at organizations with fewer than 500 employees conducted by YouGov on behalf of Keeper Security, a provider of password management tools, published this week illustrates how pervasive this herd mentality is. Overall, 66% of respondents said they think a cybersecurity attack is unlikely. A full 62% of respondents from companies that generate between $1 million and $500 million in revenue believe experiencing a cyberattack is not likely. Among companies with less than $1 million in revenue, an astounding 73% say it’s unlikely they will experience a cyberattack.
Among larger businesses, there appears to be a little more appreciation for the threat. Over half (53%) of businesses with 100-500 employees believe an attack is somewhat or very likely to happen to them, with 19% concluding it’s very likely.
Only 7% of CEOs, corporate chairs and owners among the respondents said a cyberattack is very likely, compared to 43% who said a cyberattack is not at all likely.
Not as surprising, there seems to be a generation gap when it comes to appreciating the cybersecurity threat. Nearly one in three (32%) of respondents between the ages of 18 and 34 said an attack was “very likely” while only 5% of those 55 and older believed the same. Respondents from newer businesses that have been operating for less than five years believe they are much more vulnerable to a cyberattack, with 28% reporting they believe an attack is “very likely” compared with only 6% among respondents at companies operating for 10 or more years. A full 70% of respondents from those businesses said a cyberattack is not very likely or not likely at all.
Among respondents with postgraduate degrees, 41% believe a cyberattack on their company is likely, compared to only 27% of respondents with some college education. Only 2% of those surveyed without any college education rank cybersecurity as a top business priority, while 9% of degree holders from 4-year colleges and 15% of postgraduate degree holders rank cybersecurity as a top priority.
More troubling still, a full 60% of respondents say they do not have a cyberattack prevention plan. In fact, only 9% of businesses rank cybersecurity as a top business priority, while 18% ranked cybersecurity as their lowest priority. A quarter (25%) said they don’t even know where to start when it comes to cybersecurity and only a third (33%) said they believe company leadership is responsible for cybersecurity. Slightly more respondents (37%) have a dedicated IT or cybersecurity team.
In terms of a potential cybersecurity strategy, about half of respondents appear to have a clue, with enforcing a company security policy (58%), utilizing a security vendor (52%) and ongoing employee education (48%) all identified as good things to do.
Given all the competing priorities business leaders have on their minds it’s understandable they may not have cybersecurity at the top of their list of issues to tackle. However, the survey makes it clear most SMBs are whistling past the proverbial graveyard. A 2018 study conducted by The Ponemon Institute on behalf of Keeper Security found 67% of SMBs had experienced a cyberattack and 58% had a data breach in the last 12 months.
Despite recent headlines, it’s obviously still a major challenge for IT professionals to get business leaders to appreciate cybersecurity as a major threat to the business, which often results in cybersecurity being underfunded. The problem, of course, is cybercriminals are not a comparatively small number of predators looking to take down a few unfortunate members of the herd. They are developing capabilities that will enable them to take down the entire herd at once. As that reality sets in, it’s now only a matter of time before business leaders appreciate the full extent of the peril they face.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.