SMBs Underestimate Potential Damage from Data Breaches

By Erin Harrison November 19, 2012

While small and medium-sized businesses (SMBs) are aware of potential security threats, they appear to underestimate the damage they can cause their business, according to a new study of U.S. and U.K.-based SMBs.

The top three threats to their organizations listed by U.S. respondents included “proliferation of unstructured data,” (69 percent), “unsecure third parties including cloud providers,” (65 percent) and “not knowing where all sensitive data is located, (62 percent),” according to the Faronics-commissioned study, “State of Cyber Security Readiness,” which was conducted by The Ponemon Institute.

In addition, more than three quarters of respondents in both the U.S. and U.K. – 76 percent and 77 percent respectively – cited check or credit card fraud either “likely” or “very likely” as the threats most likely to affect their organization’s ability to achieve its business objectives.


Image via Shutterstock

“Although organizations have become more aware of potential threats, they do not seem to accurately perceive the repercussions associated with data breaches,” Dmitry Shesterin, vice president of product management at Faronics, said in a statement. “Findings indicate that organizations do not understand the full costs and damages they will suffer as a result of a data breach. These organizations need to become more proactive about their security programs in order to minimize the damage they will inevitably experience from one, if not more, data breach.”

U.K. respondents’ concerns regarding security were slightly different: 62 percent believe “proliferation of end-user devices” is a key issue, as well as “lack of security protection across all devices,” (cited by 56 percent) and “unsecure third parties including cloud providers,” (53 percent).

The majority of U.S. SMBs (64 percent) cited lack of personnel as a primary barrier to achieving effective security; meanwhile, 62 percent of U.K. respondents consider “the complexity of compliance and regulatory requirements” as a key barrier. In addition, 50 percent of U.S. respondents noted “lack of central accountability” and 41 percent listed “lack of monitoring and enforcement of end users.”

In terms of the impact of data breaches on their organizations, more than half of U.S. and U.K. respondents cited the loss of time and productivity most frequently. Both U.S. and U.K. respondents also listed damage to their organization’s brand second. According to the findings among companies that experienced a data breach:

  • 42 percent of U.S. respondents and 38 percent of U.K. respondents stated they “lost customers and business partners”
  • 41 percent and 34 percent of U.S. and U.K. respondents, respectively experienced an increase in the “cost of new customer acquisition”
  • 35 percent of U.S. respondents and 31 percent of U.K. respondents “suffered a loss of reputation.”

“This is the first study to investigate what smaller companies in North America are doing to prevent and detect cyber attacks,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Results indicate that companies tend to seriously underestimate the potential damage to brand and reputation, revealing a great data breach perception gap. Misconceptions about the consequences associated with a data breach are preventing organizations from implementing the necessary financial tools, in house-expertise and technologies to achieve cyber readiness.”




Edited by Brooke Neuman

Executive Editor, Cloud Computing

SHARE THIS ARTICLE
Related Articles

GENBAND & Sonus Go Dutch for Merger

By: Maurice Nagle    5/23/2017

Mergers and acquisitions are the norm in business. However, it's not every day that two major cloud communications players with highly complementary o…

Read More

The Killer App for VR: The Ability to Meet Yourself

By: Rob Enderle    5/23/2017

I was at a VR event this week, and I'm sure the speaker misspoke when he said that one of the benefits of VR is the ability to meet yourself. But the …

Read More

WannaCry Ransomware Holds Files Hostage: Best Practices to Avoid Being a Victim

By: Special Guest    5/23/2017

More than 200,000 computers in more than 150 countries were crippled by a massive ransomware attack, dubbed WannaCry, and security experts warned that…

Read More

LeoSat Secures Japanese Investment for Enterprise Broadband Satellite Network

By: Doug Mohney    5/23/2017

Another broadband satellite cloud network moved closer to reality this month, with LeoSat securing an investment from SKY Perfect JSAT (SJC) Corporati…

Read More

Organizations Can Combat WannaCry & Jaff Ransomware With Well Instrumented DNS

By: Special Guest    5/22/2017

The Infoblox Intelligence Unit observed two global malware outbreaks on Friday, May 12. Although there is no indication that the two attacks were rela…

Read More