The 2018 State of Cybersecurity in Small and Medium Size Businesses study, conducted by the Ponemon Institute, sponsored by Keeper Security, revealed that small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective.”

The number of attacks, including phishing, advanced malware, zero-day and ransomware attacks is rising -- with 67 percent experiencing a cyber attack and 58 percent experiencing a data breach in the last 12 months. Yet nearly half of respondents (47 percent) say they have no understanding of how to protect their companies against cyber attacks.  

Weak passwords can wreak havoc on small businesses

As SMBs become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing -- 60 percent of those surveyed cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an external hacker. Still, 32 percent of respondents assert that their companies could not determine the root cause of a data breach they have experienced in the past 12 months.

Forty percent of respondents say their companies experienced an attack involving the compromise of employees’ passwords in the past year, with the average cost of each attack being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical this year compared to last.

Cyber attacks and data breaches target SMBs

“More SMBs are experiencing highly sophisticated and targeted cyber attacks. There is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. This is exposing SMBs to cyber criminals,” said Darren Guccione, CEO and Co-founder of Keeper Security. “The results of the 2018 State of Cybersecurity in Small and Medium Size Businesses study underscore the critical importance of implementing a secure password management solution to protect not only SMBs’ sensitive digital assets, but also their reputation and the longevity of their business operation.”

Additional highlights of the study include:

  • Respondents indicated their two biggest password-related pain points are having to deal with passwords being stolen or compromised (68 percent) and employees using weak passwords (67 percent).
  • Human memory and spreadsheets are used to protect passwords. Only 22 percent of respondents say their companies require employees to use a password manager. Of the 74 percent of respondents who say password managers are not required, more than half say their companies rely upon human memory and spreadsheets to protect passwords.
  • SMBs continue to struggle with insufficient personnel and budget. Seventy four percent of respondents note they do not have the appropriate personnel and budget (55 percent) to effectively mitigate cyber risks.
  • The respondents who believe they are “highly effective” at mitigating risks, vulnerabilities and attacks have higher budget and more in-house expertise. These companies also dedicate a higher percentage of their IT budget to cybersecurity.

“As the threat landscape evolves, cyber criminals are leaving no stone unturned -- and companies -- no matter how big or small -- are only as strong as their weakest link,” said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. “The findings of the 2018 State of Cybersecurity in Small and Medium Size Businesses study show far too many SMBs rely upon human memory, spreadsheets and even sticky notes to protect their passwords -- thereby weakening a critical link in the IT security chain.”