Small and Mighty

In today’s cyber threat landscape, every organization, large or small, is at risk
for an attack. But increasingly, small/midmarket businesses are the focus of
attacks1 and often serve as a launch pad or conduit for bigger campaigns.
Adversaries view small/midmarket businesses as soft targets that have less sophisticated security infrastructure and practices and an inadequate number
of trained personnel to manage and respond to threats.1
Many small/midmarket businesses are only beginning to realize how
attractive they are to cybercriminals. Often, that realization comes too late:
after an attack. Recovering from a cyber attack can be difficult and costly—
if not impossible—for these businesses, depending on the nature and scope
of the campaign. This report will give an understanding of the risks smaller
organizations face, share an understanding of how smaller organizations
stack up against their peers with respect to security and share a bit of
guidance to bear in mind in 2018 and beyond.
Consider this finding from the Cisco 2018 Security Capabilities Benchmark
Study: More than half (54 percent) of all cyber attacks result in financial
damages of more than US$500,000 including, but not limited to, lost
revenue, customers, opportunities, and out-of-pocket costs. That amount
is enough to put an unprepared small/midmarket business out of
operation—permanently.
A recent study by the Better Business Bureau (BBB)2 helps to underscore
how small/midmarket businesses can struggle financially to survive following
a severe cyber attack. The BBB asked small business owners in North
America, “How long could your business remain profitable if you permanently
lost access to essential data?” Only about one-third (35 percent) said that
they could remain profitable for more than three months. More than half
reported that they would be unprofitable in under one month.