Dark Reading is part of the Informa Tech Division of Informa PLC


7/26/2019
11:50 AM
Dark Reading
Products and Releases

2019 SMB Cyberthreat Study: Most SMBs Severely Underestimate Their Cybersecurity Vulnerabilities

SMBs are the primary target for cyberattacks, yet most are unprepared.

CHICAGO, July 25, 2019 /PRNewswire/ -- U.S. businesses are ripe for the picking when it comes to cybercriminals and cybersecurity risks, but a new survey shows that cybersecurity efforts are not at the top of the list when it comes to where leaders are putting their focus and efforts.

The 2019 SMB Cyberthreat Study, which surveyed more than 500 senior-level decision makers at companies with 500 employees or less (SMBs), was commissioned by leading cybersecurity provider Keeper Security to identify the gaps between awareness and action in business cybersecurity needs. Among the findings, two out of three business leaders surveyed (66%) don't believe they'll fall victim to a cyberattack. But a previous study conducted by the Ponemon Institute for Keeper found that 67% of businesses had been attacked within the prior 12 months.

"Businesses face a vulnerability crisis when it comes to cybercriminals, and this reality won't get better until cybersecurity gets higher billing on their to-do list," said Darren Guccione, CEO and co-founder of Keeper. "Our Cyberthreat Study findings show that many companies don't know where to start with cybersecurity prevention and even more don't think they will fall victim to an attack, but it's time they dramatically change their perspectives and put a plan in place. We are working very hard to educate SMBs about how they can protect themselves quickly and on a cost-effective basis."

Misconception of Threat Vulnerability 
Of the senior decision makers surveyed, 66% think a cyberattack is not very likely or not at all likely to happen to them, but previous Ponemon Institute research reported that nearly seven in ten (67%) businesses were attacked in the last year, pointing to a major perception gap. Keeper's 2019 Cyberthreat SMB Study found that only about one in ten (12%) understand the reality that an attack is very likely, no matter how big or small the company.

The 2019 Cyberthreat SMB Study also reveals differences in perception between newer and more mature businesses, with companies in business less than five years believing they're at a much higher risk than those operating for 10 or more years. Of companies in business less than five years, 28% believed it was "very likely" that they will be the target of a cyberattack, while only 6% operating for 10 or more years thought the same. In fact, 70% of businesses operating for 10 or more years believe a cyberattack is not very likely or not likely at all. 

Lack of organizational awareness into cybersecurity's importance 
Of the leadership polled, only 9% thought cybersecurity was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good. In fact, nearly one in five respondents (18%) ranked cybersecurity as the least important aspect of all six. 

Furthermore, respondents ranked a recession, damage to public reputation and a disruption to the business model as the most prominent threats to their business. Cybersecurity was ranked last by over one in five surveyed (21%), despite the fact that such an attack would likely cause both a disruption in business model and damage to public reputation. 

Disconnect between password security and cyberattack prevention strategy
Most companies understand the critical role of passwords when it comes to security. The majority of respondents (69%) expressed positive sentiment about passwords, saying passwords make them feel "confident" or "secure." Furthermore, 75% of companies have policies in place that encourage or require employees to update their passwords regularly.

However, 60% of respondents reported not having any prevention plan in place against a cyberattack. Since 81% of breaches are caused by weak or stolen passwords, the difference in reported password policies and lack of prevention plans points to a disconnect in understanding that password security is itself a strategic prevention plan.

Furthermore, a quarter of business leaders surveyed (25%) admitted they don't even know where to start when it comes to cybersecurity. Cybersecurity starts with password security. 

About the 2019 SMB Cyberthreat Study
All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 509 senior decision makers at companies with 500 employees or less. Fieldwork was undertaken between June 28 and July 5, 2019. The survey was carried out online. The figures have been weighted and are representative of all senior decision makers (SDM) at companies with 500 employees or less.

About Keeper Security, Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce cybertheft and data breaches. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, dark web monitoring, digital file storage and messaging. Named PC Magazine's Best Password Manager of 2018 and awarded the Publisher's Choice Cybersecurity Password Management InfoSec Award for 2019, Keeper is trusted by millions of people and thousands of businesses to protect their digital assets and help mitigate the risk of a data breach. Keeper is SOC-2 and ISO 27001 Certified and is also listed for use by the Federal government through the System for Award Management (SAM). Keeper protects businesses of all sizes across every major industry sector. Learn more at https://keepersecurity.com.
