Why Your SMB Is Unprepared For A Cyberattack


Technology has given small- and medium-sized businesses (SMB) countless opportunities to grow and expand.

But with these opportunities comes serious risks.

In the modern age, there is a growing threat of cyberattacks and intrusions. Are you prepared to prevent them? 

In the summer of 2019, Keeper led a survey of 500 decision-makers at SMBs. This survey was designed to look into the current mindset around cyberthreats. It concluded that many SMBs are completely unprepared to handle a cyberattack.

Here are six things the survey learned about how SMBs are mishandling cyberthreats.


1. Cybersecurity Is Not On The “To Do” List

The biggest oversight in cybersecurity is to assume you don’t need it, or ascribe it a low value compared to your business’s other priorities.

Over half of the Keeper survey respondents (60%) stated that their company does not have a cyberattack prevention plan in place.

Only 9% ranked cybersecurity as a top priority, and double that (18%) ranked it as the lowest priority. Nearly half of the respondents (43%) claimed a cyberattack was not at all likely for them.


How would you rate your organization's cybersecurity? Get a free assessment to guide you. 


2. Leaders Undermine The Risks and Assume They Have Better Things To Do

Of the SMB leaders surveyed, 66% stated that they believed a cyberattack was unlikely.

Many of these leaders will rank cybersecurity last of their concerns, behind other issues such as recession, threats to public reputation, and business model disruption.

Over half (60%) ranked cybersecurity in the bottom half of their priority list.

While cyberthreats may seem like a non-issue to company leaders, 67% of SMBs experienced a cyberattack within the last year.


3. Leaders Don't Know Where To Begin

When asked what the most effective method for preventing a breach of cybersecurity was, the top answers included enforcing a company security policy, using a security vendor, and ongoing employee education.

However, one-fourth of the respondents stated that they would not know where to begin with cybersecurity.


4. Leaders Fall For A Common Myth AboutTheir SMB

There is a common myth about being “unappealing” to potential hackers and attackers.

Of companies with revenue between $1-500 million, over half of the survey respondents (62%) stated that a cyberattack wasn’t likely. This percentage increases to 73% for those companies with revenue under $1 million.

Age is also a major factor in the idea of hacker appeal. Respondents from newer companies with less than 5 years of operation were much more likely (28%) to respond that an attack was “very likely.” Only 6% of respondents from companies with more than 10 years operation stated the same.

The types of services provided were also another factor in appeal. Companies working in financial services were much more likely to state there was a high risk (47%) whereas few media/entertainment-based businesses stated the same (4%).  


5. Whose Job Is It?

In an SMB, what position should be responsible for cybersecurity?

Of the survey respondents...

  • One-third (33%) believed it is the job of company leadership.
  • Only 9% believe it is the job of the individual employees.
  • Over half of company leaders believe it is their priority (62%).
  • One-third believe it is the job of a specialized team (37%).

While most of the respondents agree on the job belonging to leadership, as stated earlier, leaders tend to overlook cyberattacks as a threat. This puts cybersecurity as the responsibility of those that put it low on their to-do list, making an SMB vulnerable to attack.


6. Password Policies Are A Strong Defense

The Keeper survey found that one of the ways SMBs did take cybersecurity seriously was in their passwords.

Of the respondents, 69% affiliated a password as being the first line of defense.

And 75% of companies surveyed had a policy in place that encourage or require employees to update their passwords regularly.

However, 13% of company leaders were unaware of these policies.

As stated before, 67% of SMBs experienced cyberattacks within the last year. This means an SMB is more likely than not to require cybersecurity to keep their company’s information safe and secure. However, the current mindset about cybersecurity keeps it as a low priority.

To keep your company’s information secure and prevent breaches, an SMB must put cybersecurity high on the “to-do” list, set it as the responsibility of someone that will give it high priority, and be aware of possible threats regardless of the company’s size or market.

Being prepared for a cyberattack begins with you.  

New Call-to-action

Read On