The overwhelming majority of cyber security attacks on small to medium sized enterprises (SMEs) result from poor password management, a study of 1,000 UK and US SMEs by the Ponemon Institute shows.
Despite this fact, SMEs are doing very little to boost visibility into the password practices of their employees, according to the study sponsored by password management firm Keeper Security.
The study report said employee negligence is the top root cause of successful data breaches.
“Survey respondents believe cyber attacks are becoming more targeted, more severe in terms of consequences, and more sophisticated,” said Larry Ponemon, chairman of the Ponemon Institute. “So you would think things would be getting better in terms of protecting themselves, but they are really trending to worsening.”
According to the survey – 61% of respondents reported a cyber security attack, up from 55% a year ago – while 54% reported a data breach, up from 50% a year earlier.
Ransomware attacks were reported by 52% of respondents, with 53% of those reporting they were hit by more than one ransomware attack.
The total costs associated with successful cyber attacks on SMEs now total well in excess of £1m, meaning a single attack could bring an SME to its knees financially.
Not only has the cost of data breaches risen to an average of just over £1.2m including all attack mitigation and business disruption costs from £717,909 a year ago, but the average number of records stolen has soared from just over 5,000 per attack last year to 9,350 this year – an 87% increase.
While 54% of respondents say the root cause of the attacks are negligent (not malicious) employees, a full third of the companies surveyed could not even determine the root cause.
An ongoing lack of attention to password usage underlies much of the cyber security woes at SMEs, the study said, referring to the latest Verizon Data Breach Investigations Report, which noted that 81% of all cyber attacks result from poor password management practices.
More information about SME cyber security risks
- SMEs are failing to address cyber threats despite the risks.
- SMEs typically face the same threats as bigger organisations, but lack the same level of expertise and other security resources.
- The latest Ponemon research shows that 59% of respondents said they have no visibility into their employees’ password practices, which is unchanged from a year ago.
Among the bad practices cited are using the same passwords for access to multiple accounts and servers; sharing passwords in highly insecure ways; and failing to use strong passwords, settling instead for 123456 or other very easily compromised passwords.
Less than half – 43% – of SMEs surveyed have any sort of password policy in place. And of those that do have such a policy in place, 68% (up from 65% last year) said they either do not strictly enforce the policies or are unsure if they are enforced.
According to the study, SMEs need to implement greater data protection beyond the “traditional” protection tools, with two-thirds of respondents reporting cyber attacks that evaded the company’s intrusion protection defenses, up from 57% a year ago, and 81% reporting such attacks evading traditional antivirus defences, up from 76% last year.
The Ponemon study shows that the top barriers to adopting better cyber defences are a lack of trained security staff (73%) and inadequate budget (56%).
However, the report said given the enormous costs associated with a data breach, failing to protect against today’s dynamic threat environment could prove disastrous, and the costs associated with doing so may not be as high as imagined.
So if you want to save yourself stress, money and a damaged reputation from a cyber incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW