Developing an IT strategy (including security) is a strategic concern for only 19% of small businesses. Many believe they are not attractive targets for cybercriminals. Yet more than 30% of data breaches happen to companies with fewer than 100 employees, and a single attack can cost an SMB up to $375,000.
The opportunities that IT technology offers to small businesses are at least as ample in proportion as those available to larger, more distributed organizations. However, this situation also entails a downside, where greater attention is needed. In fact, the world of SMEs and micro-enterprises often underestimates the potential risks associated with the adoption of IT tools and extended connectivity—a more accentuated situation than one might expect, and not only in India.
In fact, the phenomenon framed by Kaspersky Lab research reveals several gaps, especially in the approach to the issue, examined thanks to the availability of 3,900 situations in 27 countries. Overall, 17% of the sample was classified as large companies, 12% as medium-large (5,000 to 50,000 employees), and 25% in the SME sector. India’s involvement in the survey concerned 198 companies, in line with the rest of the sample, excluding the USA.
There are more than 75 million businesses in the global economy that operate with fewer than ten employees. Essential realities at a local level, not only in India, where over four million activities (95% of the total) achieve an annual turnover of up to 2 million euros. A share not far from the average of 93.2% in the EU.
According to the 2014 Global Corporate IT Security Risks produced in collaboration with B2B International, emerging startups and established small businesses rarely pay enough attention to cybersecurity issues. In general, microbusinesses appear more concerned with product and service strategy (41% named this as a priority) and marketing strategy, including business development, building a customer relationship, and improving their image (40% cited it as a priority for the company).
Developing an IT strategy (including security) emerges as a strategic concern for only 19% of micro businesses. One reason for this is the tendency to underestimate the scope of cyber threats. In fact, awareness of the quantity of malicious software needs to be improved. 74% of microbusinesses believe that 10,000 or fewer malware samples are discovered every day, while the proper amount is much higher at 315,000 per day.
At the same time, tiny businesses think, in the same way as SMEs, that they are safe from cybercriminals. They believe criminals wouldn’t waste their time and effort on a small company and that they don’t have much worth stealing. The reality is very different: Data from Verizon’s 2013 Data Breach Investigations Report shows that more than 30% of data breaches occurred at companies with 100 or fewer employees.
This myopia can be costly. For a startup, even a single security incident can spell financial ruin. The average cost of a data breach for a small or medium-sized business has been calculated to be as high as $375,000, adding up lost economic opportunities, the involvement of external IT support to resolve the problem, and the potential need for new equipment. The average price of professional services for SMBs following a severe data loss is $10,000.
The costs are not just financial: 57% of data loss events had repercussions that damaged the management of the company. More than half of these situations (56%) produce a negative impact on reputation or the perception of reliability. Despite this, the gap in investment relative to size remains high. The number of micro-businesses willing or willing enough to consider adequate security solutions is significantly lower than the number of large companies or even SMEs. In fact, more than half of tiny businesses (57%) show no interest in investing.
This is despite the fact that it is still possible to obtain good results with limited expenditure. In fact, according to Kaspersky Lab experts, a tiny business needs essential protection provided by anti-malware software and a firewall. Only once they become operational and begin fulfilling orders do they require encryption technology to protect payment information or customer information, a level of protection that is often required by law. If and when they start hiring employees to work outside the office, then essential Mobile Security solutions also become necessary. Ultimately, the investment must be proportionate to the size and turnover without a lower limit.