Small Business Security Breaches Add up to Big Losses
Another week, another security breach. In what’s starting to feel like a regularly scheduled event, a major retailer or service provider makes the news because of a major data breach. Rarely, if ever, do security breaches affecting small businesses grab headlines. But they happen, and when they do they can seriously damage a company’s finances. A recent report from the security specialists at Kaspersky reveals that on average, recovering from a security breach costs small businesses $38,000. Although it’s a drop in the bucket compared to the $551,000 sting suffered by large enterprises, not all small businesses can take with that kind of a hit without it affecting their growth, or outright slamming the brakes, on their business.
Small Business Data Security Denial
A data breach is preventable, stressed Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America. But as usual, human nature throws a wrench into the works. Most small business owners understand that risks to their networks, PCs, and servers exist; they just don’t think it can’t happen to them, Pozhogin told Small Business Computing. “Although [small business] awareness around security is up, it’s not affecting their security strategies,” said Pozhogin. Despite the attention-grabbing headlines and the occasional replacement credit/debit card in the mail—courtesy of the latest large-scale data breach—those concerns fade the moment a small business owner gets to work. Entrepreneurs aren’t willfully throwing caution to the wind. They just don’t know any better. “You’re not a security officer, you have a business to run,” Pozhogin said. But if there’s one thing business owners understand, it’s money. By highlighting the costs of inadequate data security, Pozhogin and his group hope to prod SMBs into action.
The Cost of a Small Business Data Breach
Kaspersky Lab and B2B International, a market research firm, surveyed 5,500 companies across the globe. Eight-eight percent of SMBs (1,500 seats or fewer) had incurred the expense of professional services to bounce back from a breach, typically $11,000. If word that a small business suffered a security breach spreads, it can say good-bye to $16,000 in lost business. In particularly nasty cases where IT systems have crashed or need to be taken offline for a thorough cleansing, SMBs can lose $66,000 due to downtime. And don’t put away the company checkbook once the dust settles. To prevent an incident from happening again, SMBs can expect to fork over $8,000 on average in indirect spending. Fifty-four percent of SMBs reported spending $7,000 on new IT systems to guard against security breaches. Another 47 percent said they spent $5,000 in training while 41 percent parted with, on average, $5,500 for knowledgeable staff.
Small Business Data Held Hostage
Like large businesses, SMBs can suffer from a range of threats, including targeted espionage, as sinister as it sounds, to good old-fashioned attempts to gain unauthorized access to their networks. Particularly, Kaspersky warned that SMBs should be on the lookout for distributed denial of service (DDoS) attacks that seek to overwhelm a smaller organization’s comparatively weaker network defenses. However, said Pozhogin, there’s another threat that’s been making life miserable for many businesses: ransomware. This type of malware encrypts your data files are and holds them hostage until you pay up. Short of keeping regular backups, there’s little you can do but meet the cyber-robbers’ demands and hope they keep their end of the bargain. And good luck trying to retrieve the encryption on your own. “There are thousands of different variations of [ransomware],” said Pozhogin, in addition to the widespread use of strong encryption. “It’s an example of a great technology used as a weapon against lawful users.”