Small businesses still aren’t acting on cybersecurity and most aren’t ready for an attack

New cybersecurity guidance from the Australian government offers a checklist for a small-business sector that is crying out for easier security solutions – and, if recent figures are any guide, knows it is hopelessly exposed to cybersecurity attack despite years of attempted education.

Smaller businesses came up well behind their larger counterparts when it comes to cybersecurity readiness, according to a recent JLT-Harvard Business Review Analytic Services survey that found just 46 percent of smaller businesses even consider cyber attacks and breaches to be a significant or very significant threat to their organisations.

By comparison, 65 percent of respondents from large businesses felt the same.

Small businesses were even more concerned about their readiness to deal with a cybersecurity incident, with just 14 percent saying their employer is fully prepared for such an event – well behind the 39 percent of large-enterprise respondents.

Such broad differences in perception reflect a small-business cybersecurity gap that is exacerbated by ongoing deficiencies in several key areas of cybersecurity capability. Fully 72 percent of small businesses said they were partially prepared to respond to a cyber attack, well ahead of the 49 percent of large businesses that were partially prepared.

These figures reflect a challenging and persisting situation, JLT noted, in which many respondents said they lack the resources to keep cybersecurity structure working optimally; others said their organisations are not approaching the issue strategically.

Regardless of their size, the firm concluded, most organisations “do not understand the magnitude of the threat that cyber attacks and breaches pose, and are not calculating the possible cost of such attacks.”

Discovery of new malware reached an all-time high during the third quarter of 2017, the latest McAfee Labs Threats Report found, with 57.6m new malware samples identified and new ransomware discoveries rising by 36 percent quarter on quarter.

Australia matched Europe’s world-low rate of mobile malware infection despite a 60 percent quarter-on-quarter jump overall, while new macro malware eased significantly compared with the same period a year earlier.

This lack of preparation is endemic across the Asia-Pacific region, a new analysis by FireEye and Marsh & McLennan Companies’ Asia Pacific Risk Center has pointed out.

“The growing interconnectedness between both digital and physical worlds and the increasing dependence on IT systems has exponentially expanded the surface areas for cyber attacks,” the report notes.

“This, coupled with the rising sophistication by cyber criminals, has evolved to become a major risk for enterprises and society….The sooner governments and businesses recognise today’s cyber landscape poses a top enterprise risk, the better prepared they can be to take active steps to address the inevitable breach.”

The release of the Cyber Security Best Practice Guide, released this week by the Australian Small Business and Family Enterprise Ombudsman, emerged after research suggested that 60 percent of small businesses went out of business within six months after they experienced a cybersecurity breach.

Presented as an easy-to-read list of cybersecurity tasks, the guide outlines key steps small businesses can take to reduce their cybersecurity exposure and improve the chance they can recover after a breach.

It also emphasises the importance of “complicit support from everyone” and seeks to disabuse small businesses of the idea that antivirus software is enough to keep them safe from attack – even though surveys suggest 87 percent of small businesses believe this to be the case.

Small businesses should be real about the risk they face online and engage trusted outside advisors to help guide their remediation efforts, ombudsman Kate Carnell said. “Online threats are just as real as physical threats…. Taking sensible precautions broadens opportunities and heightens the rewards [of going online].”