May 17, 2016

Data Breach Cost: Why Preparedness has to be a Best Practice for SMEs

With so many data breaches happening everywhere in the world, you’d think that all companies would recognize the importance of data breach prevention and preparedness.

But when it comes to small and medium sized enterprises (SMEs), recent research shows that’s not the case.

According to Experian’s third annual data breach preparedness study, about half of small companies have no plan in place to deal with a data breach.

Data breach preparedness is the process of ensuring that a workplace is in a state of ‘readiness’ to contain a data breach. Here’s why this is so important.

Not if, when:  Thinking that you’re not going to be targeted can impact basic security hygiene, warned Amandeep Lamba, director of cybersecurity at PwC, in the 2015 ebook, The Data Risks of SMBs . According to FireEye, the odds of a small business data breach are more than 96%.   

Hackers love SMEs: In a 2015 article, Luis A. Aguilar of the U.S. Securities and Exchange Commission reported that SMBs were the recipient of 60% of all targeted cyber attacks. SMBs have more digital assets than an individual but less security than a larger enterprise.

Cost: A National Small Business Association survey showed that the cost of an average attack increased 140% in one year, from $8,699 in 2013 to $20,752 in 2014. Data breach cost also includes reputational damage, loss of trust, and long-term loss of customers. In the Experian study, 64% of consumers said they might not use a SME again if it were hit by a data breach.

Easier targets: Cybercriminals know that smaller organizations are generally less prepared than larger ones. In earlier research, UK-based insurance broker Towergate Insurance reported that most smaller companies did not prioritize online security improvement.

Supply chain: Small companies are often hacked not for the data they possess but because they are stepping stones to larger companies in the supply chain.

Financial vulnerability: In the Experian study, 77% of SMEs said the financial impact of a breach would affect day-to-day operations. An earlier study by National Cyber Security Alliance found that 60% of small firms go out of business within six months of a data breach.

Insiders: Insider fraud cost $3.7 trillion across the globe in 2014, according to the Association of Certified Fraud Examiners. All companies should know that even tight-knit, smaller workplaces have insider fraudsters.

Here’s how companies can improve their preparedness and data breach prevention:

  • Assume you’re a target. Create a culture of security in the workplace from the top down.
  • Introduce formal security policies that extend to mobile devices too.
  • Put a data breach response team in place.
  • Create a data breach response plan – and practice it.
  • Identify valuable data, and back it up.
  • Educate employees to recognize signs of a breach and inside fraudsters. Compliance training is also important.   
  • Utilize a security platform that can detect and block. Ensure that all safeguarding software is patched and up-to-date.  

Another way to protect your workplace is to implement secure information management policies and a data breach response plan.