In the last one and a half years, small and medium businesses (SMBs) were forced to adopt digital technologies for enhanced business efficiency, and more importantly to survive and stay afloat. While many of them were not quite prepared for the sudden shift caused by the pandemic, the major concerns that begun to grow were centered around cyber security.
And that’s quite evident from a survey which showed in the past 12 months, cyber-attacks have cost more than Rs 3.5 crore for two in three (62%) among Indian SMBs. In fact, for 13% of these 62% SMBs, which sustained cyber-attacks, it cost them over Rs 7 crore while overall 74% of SMBs in the country suffered a cyber-attack in the past one year, resulting in 85% losing customer information to malicious actors, in addition to a tangible impact on business.
The data is, according to a new report by Cisco on cybersecurity for SMBs, a study that is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia Pacific region.
The survey highlighted that SMBs saw several ways in which attackers tried to infiltrate their systems. In India, malware attacks, which affected 92% of SMBs, topped the charts, followed by phishing (76%). 38% of those that suffered incidents said that the number one cause was not having cybersecurity solutions. Meanwhile, 36% ranked cybersecurity solutions not being adequate to detect or prevent the attack as the number one reason.
Besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (73%), employee data (71%), intellectual property (74%), and financial information (75%). In addition, 73% of those said it disrupted their operations, 76% admitted it negatively impacted their reputation, and more than half (70%) said it resulted in a loss of customer trust.
However, SMBs are rising to the challenge. The study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.
“As they digitize, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cybersecurity,” said Panish PK, Managing Director – Small Business, Cisco India & SAARC.
“However, given that they typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. According to the study, most SMBs (97%) feel that they have too many technologies and struggle to integrate them. At Cisco, we’re committed to working with India’s small and medium-sized businesses to help simplify and fortify their threat response and ensure infallible safety of their employees, assets, and customers,” he said.
Conquering Fear with Preparedness
Cisco’s study found that while SMBs in India are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. According to the study, 89% of SMBs in India have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months. The majority have a cyber response (91%) and recovery plans (92%) in place.
SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing ranked as the top threat (50%) by SMBs in India.
The good news is that SMBs are ramping up their investments in cybersecurity, with almost half (44%) of Indian SMBs having increased their security investment since the start of the pandemic by more than 5%.
These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a robust cyber posture.
The report highlights certain recommendations for organizations of all sizes to improve their cybersecurity posture given the ever-changing landscape. They include having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, and working with the right technology partner.