Data Security and Business Size
Do Small and Mid-Sized Firms Need to Worry About Cyber Security?
By David Counter
It may be easy to assume that operating as a little-known mid-sized company is enough to keep you safe from cyber attacks. After all: if your business doesn’t make the front page, how will cyber criminals even know you exist? If your organization serves a regional population with specialized medical services, why would thieves bother to target you when they could target a larger healthcare network?
Unfortunately, believing that size or notoriety is what criminals look for in their targets is one of the greatest myths about cyber security—and believing this or any other common myths can make your organization vulnerable to attack. That’s why we’re debunking 3 common cyber security myths and encouraging small and mid-sized business owners to reconsider their IT security as they head into 2019.
Myth #1: Small and mid-sized businesses don’t have anything cyber-criminals want to steal.
Reality: Every organization that collects customer information is vulnerable to a breach.
Personally identifying information can fetch high prices among other criminals, which is why any organization that collects names, phone numbers, addresses, and credit card or social security information is vulnerable to attack. In fact, the California attorney general observed attacks at retailers, dentist offices, colleges, and community centers—several of which had significant and long-lasting impacts.
Myth #2: Small and mid-sized businesses aren’t vulnerable to cyber attacks.
Reality: Over 2 out of every 5 phishing attacks target small businesses.
Allowing yourself to believe this myth may lull you into a false sense of security. It turns out that small and mid-sized businesses are the target of a greater number of attacks than larger organizations. According to one study, 65% of phishing attacks targeted small and mid-sized businesses.
Myth #3: Small and mid-sized businesses have a smaller footprint, so it’s not as expensive to recover from attacks as large businesses.
Reality: The cost to recover from a cyber attack can cripple a business of any size.
It’s true that major breaches at large, multinational corporations can be expensive. One study found that the average cost of a breach to companies worldwide was $3.86 million and the average cost of an American breach topped out at $7.91 million.
At the same time, another study found that smaller firms face losses of nearly $900,000 to recover IT assets and losses of nearly $1 million due to disruption to day-to-day operations. In absolute terms, these figures may not be as high as those faced by larger companies. But proportionally to business size, these figures can cause more significant and lasting damage—and they may even cause small and mid-sized businesses to shut down.
The Best Response is Planning Ahead
If you’re running a small or mid-size organization, it’s easy to follow news of major data breaches with a sigh of relief. “At least it wasn’t us,” you might think. “Good thing we’re not as large or high profile as that international hotel chain,” you might muse. “If we stored that much sensitive customer data, we would have a better plan to protect it,” you may boast.
But if you’re a small or mid-sized business, you very likely do store customer data and almost certainly should have a better plan in place to protect it.