As cybercriminals become more sophisticated with every passing day, levels of cybercrime are rising.
The sad reality is that the only way for businesses to protect themselves against cybercrime is to invest in powerful cybersecurity. Doing this properly requires a fairly large budget, and this can be a real challenge for smaller businesses.
However, SMEs are spending money and investing in their cybersecurity. It is estimated that by 2025, SMEs will be spending a collective $90 billion on their security practice, procedures and software. So, it can’t be denied that investment is being made - but the key question is whether this level of spending is actually enough to keep businesses secure.
Here we take a look at whether small businesses need to be investing more in their cybersecurity.
Investing in preparation is key
One major issue for businesses is not so much that they aren’t investing enough - but rather that they aren’t investing in the right places. Too many organisations focus on dealing with a cyberattack while it is taking place - for example, with antivirus software that stops an attack as it hits. However, more investment needs to go into preparation. When surveyed,
55% of small businesses said that they did not think they were adequately prepared for a cyber attack.
A good example of preparing for a cybercrime comes in the form of cyber incident response. Cybersecurity specialists Redscan
describe incident response as: “the approach an organisation takes to respond to, manage, and mitigate cyber security incidents. The ultimate goal of incident response is to limit the damage and disruption of attacks and, where necessary, restore operations as quickly as possible."
It has to be accepted that it is possible for sophisticated cybercriminals to overcome even the most advanced defences. And as such, it’s important to be prepared with a plan to respond once a cybersecurity incident takes place.
Cyber skills shortage
A huge factor influencing the rising costs of cybersecurity is the shortage of staff with relevant cybersecurity skills. A survey this year revealed that
95% of cybersecurity employees believe that there has been no improvement in the issue of the cybersecurity skills gap in recent years. The simple fact is there are more cybersecurity roles being recruited than there are workers with relevant skills, qualifications and training.
This causes a number of issues, but one of the most important from the perspective of smaller businesses is the fact that it drives up the cost of hiring cybersecurity staff. SMEs that want to hire a team of cybersecurity staff will inevitably find themselves facing serious financial implications.
It is advisable that smaller businesses should work with outsourced cybersecurity, as this can provide all of the advantages of an in-house team without the prohibitively expensive cost of salaries.
SMEs might be seen as easy targets
As cybercriminals have grown more sophisticated and news is often made by huge multinational companies facing cyberattacks, smaller companies could be forgiven for thinking that they are not a major target for cybercrime. Doesn’t it make sense that larger companies with more money and data to lose are more likely to be targeted?
To a certain extent it does, but it should also be acknowledged that cybercriminals like easy targets too. SMEs with weak cybersecurity can just as easily be targeted as larger companies with more to lose.
"Hackers prey on the knowledge that small businesses tend to have lower defences than larger organisations, usually due to lack of financial and human resources,”
says Sarah Green, a cyber security expert. “By their very nature, thriving small businesses are innovative and niche, which again is very attractive to the bad guys who may be interested in customer data and intellectual property and know exactly how to pick out the weak targets."
It is also worth remembering that sometimes SMEs are attacked because they are part of the supply chain of larger companies - so, smaller businesses need to be prepared for the kind of sophisticated attacks that could take place against enterprise-level companies.
The consequences can be severe
It is important to recognise that SMEs that suffer cyberattacks face very serious and long-lasting consequences. This means that the fallout from failing to invest properly in cybersecurity can be a real challenge. Companies typically understand the initial financial and disruption implications of suffering a cyberattack - but they might not be aware of how this damages them in the long term.
For smaller businesses, the damage to their reputation from having suffered a cyberattack can be something that is almost impossible to recover from. In fact, research suggests that as many as
60% of small businesses that suffer a cyberattack will fold within six months. This shows just how truly destructive it can be for an SME to face cybercrime.
Investing in cybersecurity is not just a cost that your business will benefit from - it can actually be the difference between your company staying in business or failing.
Guest contributor