74% SMBs suffered a cyber attack in the last one year: study

It is common knowledge the pandemic has led to a rise in the number of cyber attacks in the country. A recent study has found that around 74 per cent small and medium businesses (SMBs) in India suffered cyber incidents in the last one year.

As much as 62 per cent of the SMBs that suffered cyber attacks said that these cost the business Rs 3.5 crore or more. Around 36 per cent of SMBs ranked their cyber security solutions as not being adequate to detect or prevent the attack. A recent study by Cisco titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense shows that SMBs in India are exposed, under attack and more worried about cyber security threats than before.

The study also found that three out of four SMBs that had faced cyber attacks had experienced 85 per cent loss of customer information to malicious actors, in addition to a tangible impact on their business.

The study was based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia-Pacific region. The survey highlighted that SMBs saw several ways in which attackers tried to infiltrate their systems. In India, malware attacks, which affected 92 per cent of SMBs, topped the charts, followed by phishing (76 per cent). Thirty-eight per cent of those that suffered incidents said that the major cause of these cyber attacks was not having cybersecurity solutions.

The study revealed that besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails, employee data, intellectual property and financial information. Majority of SMBs also revealed that cyber attacks disrupted their operations and admitted that it negatively impacted their reputation and resulted in a loss of customer trust. The study also found that the SMBs were rising to the challenge and had started taking strategic measures like carrying out simulation exercises to improve their cyber security posture.

“As they digitise, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cyber security. However, given that they typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. According to the study, SMBs feel that they have too many technologies and struggle to integrate them,” remarked Panish P.K., managing director, small business, Cisco India and SAARC.

The study also found that while the SMBs in India were more worried about cyber security risks and challenges, they had already started taking a planned approach to understand and improve their cyber security posture through strategic initiatives. According to the study, the majority of SMBs in India had completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months and the majority of them had cyber response and recovery plans in place. The study highlighted that phishing attacks are being seen as the top threat by SMBs in India.

The study also found that SMBs had started ramping up their investments in cyber security, with almost half of Indian SMBs having increased their security investment since the start of the pandemic by more than 5 per cent. These investments are well distributed across areas such as cyber security solutions, compliance or monitoring, talent, training and insurance, suggesting a strong understanding of the need for a multifaceted and integrated approach to building a robust cyber posture.

The study also highlights five recommendations for organisations of all sizes to improve their cyber security posture given the ever-changing landscape. These recommendations are having frequent discussions with senior leaders and all stakeholders; taking a simplified, integrated approach to cyber security; staying prepared through conducting real-world simulations; training and educating employees and working with the right technology partner.