In the last five years, organizations such as JP Morgan, Target, Home Depot, and Sony have all fallen victim to expensive and devastating cyber-attacks. Yet despite these high profile cyber-breaches, and increasing awareness of the importance of cyber security, many Small and Medium-sized Enterprises (SMEs) assume that their businesses are too insignificant to be of interest to hackers. Cyber security firm FireEye has reported that 77% of SMEs believe that their company is safe from cyber-attacks; however, one-third of those same SMEs were not aware that they had suffered a cyber-attack in the past year. Senior level staff are less likely to know about cybersecurity risks, and 58% of SME management teams feel cyber security is not a significant risk to their organization.
The truth is that cyber-attacks can have many negative consequences for SMEs, including significant costs associated with loss of business or in extreme cases,shutting down operations altogether. Additionally, the theft of employee or customer information can be crippling for SMEs, causing irreparable harm to the reputation of the company and a total loss of customer confidence, trust, and loyalty. FireEye found 60% of small firms go out of business within 6 months of a data breach. Because of this, it is essential for SMEs to ensure that they include adequate cybersecurity measures into their business plans and budget accordingly. So where to start?