Skip to main content

66 Percent of SMBs Hacked in Past 12 Months

66 percent of SMBs were hacked in 2019

A survey conducted by the Ponemon Institute found that up to 66 percent of SMBs worldwide had been hacked in the past year. Small and mid-sized businesses in the US fared the worst, with 76 percent of American SMBs saying they had been hacked in 2018 to 2019. 63 percent also experienced some type of data breach during this time.

What Types of Attacks Most Affect SMBs?

Phishing and social engineering were the most common hacking vectors found in the study. These were followed closely by web-based attacks, with basic and advanced malware, credential theft, zero-day exploits, denial of service, SQL injections and more at frequencies varying from 40 to 20 percent for each. Some respondents had experienced more than a single type of cyber attack in the past 12 months, so the percentage of victims were neck-and-neck or equal for several categories.

The biggest takeaway the researchers found was that deception-based attacks continuously gained in popularity. This was only reinforced by the similar rates between different types, with advanced malware infections seeing the same exact frequency as credential abuse, and by the lower recurrences of easier to discover breaches such as script injections and insider threats.

Third Parties, IoT Contribute to Attack Surface

Laptops have risen to become the most vulnerable enterprise software endpoints next to mobile devices and followed closely by Internet of Things (IoT) networks, according to the report. Many of these machines are interconnected through the same systems, and when deployed through unsecured cloud servers, these items spread out your attack surface by adding many more endpoints that can be exploited.

The greatest danger to your ERP system, however, often lies in how these devices connect to third party networks. Most SMBs do not actively track the data and access they share with vendors and partners, which can lead to severe repercussions if this information is compromised.

Cost of Cyber Attacks Rises for Small Business

Though the average cost of a network breach unquestionably rose year-over-year, the study uncovered an interesting – and worrying – trend. While the cost of a security compromise in 2019 actually fell halfway between 2018 and 2017 levels, losses from business disruption rose exponentially from previous rates. Operational interruption from being hacked now often costs companies almost twice as much as the actual data breach itself.

Several factors contribute to this phenomenon, with industries like manufacturing suffering from any stalls in production or quality assurance. However, data security liability often represents the greatest risk factor for SMBs when it comes to cybersecurity costs. Not only can your business be penalized for noncompliance, but enterprises are increasingly demanding stricter security controls for supply chain partners.

Laptops have risen to become the most vulnerable enterprise software endpoints next to mobile devices and followed closely by IoT networks.


SMBs Still Lack Resources to Deal with Cyber Threats

The reason behind all of these trends is simple – respondents said they lacked either the tools, skillsets, money or manpower to respond to every threat, and often faced a combination of all four factors. However, insufficient personnel was cited as the largest by far, followed by budget, technology and expertise. While SMBs were able to make some gains in these other categories between 2018 and 2019, the lack of dedicated IT staff only became worse over time.

How Confident Are You in Your Network Security Tools?

The Ponemon research confirms that SMBs cannot rely on static cybersecurity controls to protect their networks. Hackers rely on smaller businesses not being able to cover the gaps basic firewalls and anti-virus tools leave to get into your system at their leisure. However, working with an MSP like SWK can help bridge those gaps and provide you with a cybersecurity resource that is far more affordable than trying to staff internally.

Download SWK’s free report to learn the top 10 ways hackers get past your anti-virus and how you can protect against them.

First Name
Last Name
Titleyour full name
PhonePhone Number
Companyyour full name
FormCraft - WordPress form builder