While the growing number of cyberattacks should be alarming to businesses of all sizes, SMBs aren’t too concerned, but the truth is they should be. Cybercriminals are not only targeting larger global companies. The damages associated with cybercrimes can quickly put an SMB out of business.

A report, titled “The 2019 SMB Cyberthreat Study,” was conducted by cybersecurity provider Keeper Security. The study surveyed more than 500 senior-level decision-makers at companies with 500 employees or less. The results found that 66 percent of SMBs don’t believe they’ll fall victim to cyberattacks, despite the increasing number of cyberattacks reported by businesses of all sizes.

The number of firms reporting cyberattacks has risen from 45 percent last year to 61 percent this year, according to the 2019 Hiscox Cyber Reading Readiness Report. The report also revealed the following: Cybercriminals aren’t only going after large enterprises; they’re also targeting Small to Medium Businesses.

While cybercriminals are more likely to attack large enterprises — since there’s typically more at stake (more money in particular) — SMBs aren’t immune to the evolving threat landscape.

For example, forty-seven percent of small businesses (less than 50 employees) have suffered a cyberattack in the past 12 months, up from 33 percent in 2018, according to Hiscox’s report’s findings. Cyberattacks nearly doubled for medium-sized businesses (between 50 and 249 employees) during the same time frame, jumping from 36 percent to 63 percent.

Even as the number of cyberattacks increases, many SMBs are choosing not to design, develop, and implement cybersecurity prevention and protection strategies.

Don’t follow the crowd: Many SMBs aren’t prepared for cyberattacks
With many SMBs unconvinced of the increasing number of risks associated with the growing threat landscape, it shouldn’t be a surprise they’re not prepared to tackle cybersecurity threats.

Only 38 percent of SMBs have active cybersecurity strategies in place, according to a 2019 study conducted Vistage Research Center, a San Diego-based executive coaching organization for SMBs. This means the remaining 62 percent of SMBs don’t have up-to-date cybersecurity strategies in place, making them vulnerable to cybercrime. According to the Center for Strategic and International Studies, a think tank based in Washington, D.C, cybercrime is a $600 billion a year global crisis.

Despite IT professionals pointing out the myths about cyberattacks — including hackers only go after large enterprises and SMBs don’t offer anything of value — SMBs are going against the advice of experts. They are entirely ignoring cyberattack threats and continuing business as usual. Cybercriminals are expected to steal an estimated 33 billion records in 2023, according to a 2018 study from Juniper Research, a Basingstoke, England-based market research firm.

This kind of risky behavior puts not only sensitive data at risk but creates additional expenses, too.

How costly can cybercrime damages be?
Believe it or not, cyberattacks are costly.

Cybercrime damage costs globally are expected to hit $6 trillion annually by 2021, according to data published by Cybersecurity Ventures, a cybersecurity research firm based in Northport, NY.

For SMBs, the average cost from damage or theft of IT assets and infrastructure increased from $879,582 in 2016 to $1,027,053 in 2017, according to the Ponemon Institute’s 2017 State of Cybersecurity in SMB study.

Additionally, the study found that the average cost of the disruption to regular operations increased from $955,429 to $1,207,965 during the same time frame.

Regarding their victims, cybercriminals are no longer discriminating. They’re always looking for vulnerabilities to exploit. If SMBs don’t learn to take appropriate precautions, many of them are going to face dire consequences down the road.