Small Businesses Are Swimming in Shark-Infested Cyber Waters

If you’re a small business owner, you’re gonna need a bigger boat.

The Identity Theft Resource Center (ITRC), a stalwart non-profit in the domain of identity crime support, has just unveiled its annual 2023 Business Impact Report (BIR) and it shows a veritable feeding frenzy is currently ravaging small companies.

The ITRC surveyed 551 small businesses—owners, leaders, and frontline employees—to gather intelligence on the impact of cybercrime on their operations. The numbers are both impressive and sobering.

A record-breaking 73 percent of small businesses reported being targeted in a cyberattack in 2023. That’s three out of every four businesses.

In a surprising twist, a whopping 85 percent of those surveyed believe they’re prepared and ready, having taken steps to shore up their digital fortresses, up from 70 percent in 2022. It seems small businesses have adopted the “bring it on” attitude.

But let’s dive deeper. When it comes to the frontline, employee and consumer data are the most coveted prizes for cybercriminals. The report revealed that 42 percent of small businesses felt the sting in their coffers after a cyber incident, with a three-point drop from the previous year.

But that’s not all; 32 percent reported a loss of customer trust, and another 32 percent suffered from employee turnover following a breach. It seems that in the world of small business, trust is a currency all its own. While the financial impact of data breaches has seen a downward trend, with more businesses reporting losses under $250,000, the aftershocks are still felt.

In an interesting turn of events, cyber insurance has emerged as the knight in shining armor for many small businesses, accounting for 33 percent of recovery funding, followed by good old-fashioned cash reserves. But getting that knight on your side has become more difficult because insurance payouts have become so colossal that it’s now harder to qualify for cyber insurance.

To overcome this, companies need to work with cyber security consulting firms to give them a comprehensive assessment of their cybersecurity posture, ensuring they meet the criteria set by insurers to qualify for the best possible coverage.

In a slightly troubling development, 13 percent of businesses had to reduce their headcount to offset the costs of a data breach. It seems that when it comes to cybersecurity, the stakes are as high as ever.

And now, for the plot twist. Seventeen percent of organizations that experienced a data breach didn’t send out data breach notices to impacted consumers. Of those, 50 percent said it was because the lawmen (law enforcement) asked them not to, while 38 percent claimed that no personal information was exposed. Twenty-one (21) percent said there was no risk of harm from the compromised data. It seems the road to transparency is a winding one.

The report also sheds light on the adoption rates of cybersecurity tools and practices. Multi-Factor Authentication (MFA), mandatory strong passwords, and role-based access for employee data all hover around the 20 to 34 percent mark in terms of adoption rates. Similarly, consumer data collection, use, and storage practices vary, with adoption rates ranging from 21 to 37 percent. State laws play a significant role in shaping these practices, with many requiring data best practices such as data access, opt-in to data collection, opt-out of data sales, and rights to correct and delete certain types of information.

To conclude, while the report offers a comprehensive look at the state of cybersecurity in small businesses, it also serves as a clarion call. The battle may be raging, but the war is far from over. Small businesses must remain vigilant, adopting best practices and employing the necessary tools to protect their digital domains. After all, in the world of cybersecurity, it’s not just about surviving; it’s about thriving.

Contact Cyber Defense Advisors with any questions or concerns you may have. Tell us what keeps you up at night, and we’ll work with you to find the best solution. Partnering with the right cyber security firm will give you the confidence to face any cyber shark in the water and say: “Smile you son of a…!