Small and Mighty

In today’s cyber threat landscape, every organization, large or small, is at risk

for an attack. But increasingly, small/midmarket businesses are the focus of

attacks1 and often serve as a launch pad or conduit for bigger campaigns.

Adversaries view small/midmarket businesses as soft targets that have less sophisticated security infrastructure and practices and an inadequate number

of trained personnel to manage and respond to threats.1

Many small/midmarket businesses are only beginning to realize how

attractive they are to cybercriminals. Often, that realization comes too late:

after an attack. Recovering from a cyber attack can be difficult and costly—

if not impossible—for these businesses, depending on the nature and scope

of the campaign. This report will give an understanding of the risks smaller

organizations face, share an understanding of how smaller organizations

stack up against their peers with respect to security and share a bit of

guidance to bear in mind in 2018 and beyond.

Consider this finding from the Cisco 2018 Security Capabilities Benchmark

Study: More than half (54 percent) of all cyber attacks result in financial

damages of more than US$500,000 including, but not limited to, lost

revenue, customers, opportunities, and out-of-pocket costs. That amount

is enough to put an unprepared small/midmarket business out of

operation—permanently.

A recent study by the Better Business Bureau (BBB)2 helps to underscore

how small/midmarket businesses can struggle financially to survive following

a severe cyber attack. The BBB asked small business owners in North

America, “How long could your business remain profitable if you permanently

lost access to essential data?” Only about one-third (35 percent) said that

they could remain profitable for more than three months. More than half

reported that they would be unprofitable in under one month.