Results of more than 1,000 risk assessments completed by ConnectWise partners reveal that a majority of small and medium-sized businesses (SMBs) do not have cybersecurity protection at the top of their agenda and are highly prone to risks and vulnerabilities. The risk assessments reveal that an alarming 69% of SMBs have not identified and documented cybersecurity threats, while two-thirds (66%) have not identified and documented cybersecurity vulnerabilities.
Beginning in fall 2018 and continuing through this spring, ConnectWise’s managed service provider (MSP) partners around the world were offered free risk assessments using a tool from Sienna Group – now known as ConnectWise Identify – to assess their SMB customers’ security posture against a wide variety of malicious cybersecurity threats. While these assessments are still ongoing, results from the first 1,000 showing the top risks SMBs face have now been completed.
Data from the assessments also revealed the following facts about SMBs:
- More than half (57%) have not informed and trained all users on cybersecurity
- Almost half (48%) have not analyzed cybersecurity attack targets and methods
- Almost half (48%) do not have a response plan for a cybersecurity incident
- Over two-fifths (43%) do not have a recovery plan for a cybersecurity incident
“These results highlight how unprepared many small business owners still are for cybersecurity attacks. Partly due to the intense media focus on massive security breaches like Equifax and Marriott, many SMBs continue to operate under the belief that security breaches only impact large enterprises,” said John Ford, chief information security officer, ConnectWise. “The fact that almost 70% of SMBs hadn’t identified and documented cybersecurity threats is a serious concern, as sensitive company, employee and customer data would be susceptible to any type of cyberattack whether it is ransomware, malware, taking down the company’s site via a DDoS attack, or any other type of malicious activity taking place in this day and age.”
Attacks on SMBs are on the rise, and the associated costs can be detrimental to their business. In fact, the average cost from damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053 and the average cost of the disruption to normal operations increased from $955,429 to $1,207,965 according to the Ponemon Institute: 2017 State of Cybersecurity in SMB study.
As a result, SMBs are projected to grow their spending on remote managed security to an estimated $21.2 billion by 2021, making it the highest growth area in the managed services market.
“SMBs must consider the risks associated if such an attack were to take place, as it would not just affect the company financially and its reputation, but its detrimental impact could even shut an organization down,” Ford continued. “This is why it’s important for them to work with MSPs to understand where their cybersecurity risks lie and how they can be remediated.”
ConnectWise Identify aligns with the Cybersecurity Framework written by the National Institute of Standards and Technology (NIST), which provides a way for organizations, including SMBs, to assess security risks and provide guidelines for identifying, protecting, detecting, responding to and recovering from cyberthreats.