SMBs Underestimate Potential Damage from Data Breaches

By Erin Harrison November 19, 2012

While small and medium-sized businesses (SMBs) are aware of potential security threats, they appear to underestimate the damage they can cause their business, according to a new study of U.S. and U.K.-based SMBs.

The top three threats to their organizations listed by U.S. respondents included “proliferation of unstructured data,” (69 percent), “unsecure third parties including cloud providers,” (65 percent) and “not knowing where all sensitive data is located, (62 percent),” according to the Faronics-commissioned study, “State of Cyber Security Readiness,” which was conducted by The Ponemon Institute.

In addition, more than three quarters of respondents in both the U.S. and U.K. – 76 percent and 77 percent respectively – cited check or credit card fraud either “likely” or “very likely” as the threats most likely to affect their organization’s ability to achieve its business objectives.


Image via Shutterstock

“Although organizations have become more aware of potential threats, they do not seem to accurately perceive the repercussions associated with data breaches,” Dmitry Shesterin, vice president of product management at Faronics, said in a statement. “Findings indicate that organizations do not understand the full costs and damages they will suffer as a result of a data breach. These organizations need to become more proactive about their security programs in order to minimize the damage they will inevitably experience from one, if not more, data breach.”

U.K. respondents’ concerns regarding security were slightly different: 62 percent believe “proliferation of end-user devices” is a key issue, as well as “lack of security protection across all devices,” (cited by 56 percent) and “unsecure third parties including cloud providers,” (53 percent).

The majority of U.S. SMBs (64 percent) cited lack of personnel as a primary barrier to achieving effective security; meanwhile, 62 percent of U.K. respondents consider “the complexity of compliance and regulatory requirements” as a key barrier. In addition, 50 percent of U.S. respondents noted “lack of central accountability” and 41 percent listed “lack of monitoring and enforcement of end users.”

In terms of the impact of data breaches on their organizations, more than half of U.S. and U.K. respondents cited the loss of time and productivity most frequently. Both U.S. and U.K. respondents also listed damage to their organization’s brand second. According to the findings among companies that experienced a data breach:

  • 42 percent of U.S. respondents and 38 percent of U.K. respondents stated they “lost customers and business partners”
  • 41 percent and 34 percent of U.S. and U.K. respondents, respectively experienced an increase in the “cost of new customer acquisition”
  • 35 percent of U.S. respondents and 31 percent of U.K. respondents “suffered a loss of reputation.”

“This is the first study to investigate what smaller companies in North America are doing to prevent and detect cyber attacks,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Results indicate that companies tend to seriously underestimate the potential damage to brand and reputation, revealing a great data breach perception gap. Misconceptions about the consequences associated with a data breach are preventing organizations from implementing the necessary financial tools, in house-expertise and technologies to achieve cyber readiness.”




Edited by Brooke Neuman

Executive Editor, Cloud Computing

SHARE THIS ARTICLE
Related Articles

Machine Learning & EHSQ: An Overview

By: Special Guest    7/21/2017

No matter what industry you work in, you've likely been hearing about the importance, and prevalence, of machine learning and analytics. But what do t…

Read More

10 Announcements From WWDC That Impact Mobile-First Businesses

By: Special Guest    7/20/2017

With several announcements made during Apple's annual WorldWide Developers Conference (WWDC), here are the top 10 that mobile-first businesses should …

Read More

How Artificial Intelligence is Changing the Travel Experience

By: Special Guest    7/20/2017

In tech circles and beyond, AI is the mot du jour lately, often thrown around in speculative conversations as the magical key that will unlock previou…

Read More

Attacking Democracy: Should DDoS Be Considered a Legitimate Form of Protest?

By: Special Guest    7/19/2017

It used to be that news about DDoS attacks was largely limited to tech websites and other specialized information sources, where the focus was on atta…

Read More

How AI is Changing the Way We Invest

By: Special Guest    7/14/2017

According to Investopedia, algorithmic trading already comprises 70 percent of daily trading. As trading becomes more automated, the need for human an…

Read More