Cybersecurity threats are a ticking time-bomb for many companies, and yet most small businesses don’t see it as a main budget priority, an exclusive Tech.co report has revealed.
With cyberattacks on the rise and the average cost of an attack in the millions, safeguarding against issues such as data breaches and ransomware should be a number one concern for businesses of all sizes — but especially large businesses.
While small businesses are the least likely to be protected, large businesses are the most targeted by attackers and, surprisingly, don’t fare much better. 83% of large businesses see security as a significant threat to their business growth. Yet, only 43% of large businesses consider security a top three tech budget priority to invest in.
Tech.co's research has also shown that some industries are more blind to the threat than others, with the likes of the Hospitality, Wholesale and Retail industries burying their heads in the sand, leaving themselves seriously exposed.
Small Businesses Least Likely to Understand Cybersecurity Threat
Whilst cybersecurity is a hot topic among all companies, regardless of size, it’s small companies that are least likely to invest in the tech to protect themselves, despite recognising the risks.
When Tech.co surveyed businesses on the matter, 71% saw cybersecurity as a significant threat to their growth, including 63% of small businesses. And yet despite this, fewer than 30% of small businesses named security as a priority for investment, with financial, productivity, and customer relationship management software considered more important.
This is at odds with medium and large businesses, who were more likely to recognize the threat of cybersecurity to their growth (78% and 83% respectively) and mark it as a top three priority in their budgeting (36% and 43% respectively).
Large Businesses Have the Most to Lose
While cybersecurity risks are major concern for all companies, it's larger businesses who have the most to lose, literally.
A cyberattack at a big firm can be a huge payday for cyber criminals, and it's becoming increasingly common for such attacks to make the news.
An attack on Yahoo in 2013 is thought to have impacted 3 billion accounts. Last year, LinkedIn was the victim on a breach that saw 700 million users affected.
With such huge rewards for cyber criminals, be it in data or ransom payments, we can't expect these attacks to slow anytime soon.
The Industries Least Concerned About Cybersecurity
Tech.co data reveals a shocking disparity in concern between industries, with some sectors worryingly ignorant to cybersecurity risks, despite the fact that the average cost of a cybersecurity breach is estimated to be around $4.24 million.
Those working in Engineering or Architecture (57%), Utilities (57%) and Legal (54%) are most aware of the need to prioritize a security system, while those least likely to budget for security were the Hospitality (13%), Wholesale (19%) and Retail (24%) industries. Unsurprisingly, these latter three industries were also more likely to claim that cybersecurity isn't a critical threat to their growth – just 8% of hospitality industry respondents considered cybersecurity to be a critical threat.
Without a doubt, this demonstrates a false sense of security – and by some margin. In 2018 alone, 514 million hotel records were stolen globally. A 2019 report stated that the industry was the third highest industry to be compromised, with two thirds of these attacks targeting corporate servers. The Wholesale and Retail industries are also at risk. Attacks in the Retail sector are up 21%, with three quarters of Retail organizations reporting a significant loss in revenue after a ransomware infection.
Among the other industries which reported a low level of investment in cybersecurity tech were Accounting and Education.
Only 25% of those working in Accounting would place Cybersecurity in their top three investment priorities, despite the fact that accounting firms are currently facing a 300% increase in attacks.
Of those in the Education sector that Tech.co surveyed, only 27% stated that cybersecurity was a top budget priority, and only 12% recognized it as a critical threat to growth. This is perhaps surprising given the large number of high profile ransomware cases that have hit the news in recent years in this industry, costing US schools and colleges $3.5 billion in 2021 alone. In some of the worst cases, attacks have crippled venues, with the 157 year old Lincoln College attributing cybersecurity as a factor in it closing its doors for good.
Keeping up with the latest cybersecurity can feel like constantly playing catch up, with new virus variants, data breaches and ransomware attacks being reported every day. However, tech has made this task easier than ever, and investing in robust solutions such as antivirus software and password managers can severely mitigate the risks.
49% of businesses surveyed by Tech.co reported using antivirus software to protect their business assets, and 80% were happy that this solved the challenges they had been facing. What’s more, businesses who chose to invest in antivirus software were more likely to also report that they were exceeding their business growth goals. On the flip side, over half of the businesses we spoke to were at risk from viruses, and antivirus software can’t solve all business security concerns alone.
Again, certain industries showed signs of being more behind than others, for example, only 25% of the Accounting industry reported using antivirus software, compared to 69% of those in the Legal profession.
Password managers can be another lifeline for employees. These reduce the risk of poor, easy-to-hack and repeated passwords, and they can also alert users about compromised credentials. 32% of those Tech.co spoke to had a password manager solution in place already, but some of the lowest use was seen in the most at-risk industries. Hospitality stood out once more, as only 7% of those in the industry stated they use password managers.
With cybersecurity threats on the rise, and exacerbated by a more vulnerable workforce due to the widespread adoption of hybrid working, attacks for many companies aren't so much a case of ‘if', but ‘when'. Preparing and raising digital defenses can deflect a lot of these attacks, but companies that don't invest in security now are likely to pay a much higher price in the long run.