Most SMBs Completely Unprepared for Ransomware

A majority of American small and medium-sized business (SMB) owners say they recognize the severity of ransomware but lack the necessary resources, such as cyber-insurance or extra funds, to become operational once again if hit.

According to theft protection firm IDT911, one out of three say they could not go without access to critical business systems for any length of time. It added that SMBs, defined as businesses with less than 1,000 employees, have a lot to learn in terms of how to prepare for this risk and deal with the situation once impacted—making them prime targets.  

Three-quarters of SMBs (75%) do not have cyber-insurance, or are unsure if their policy includes cyber protection; and 65% of SMB owners say they currently do not, nor plan to, budget extra funds. More than two out of 10 (22%) of SMB owners say they are unsure how to, or were not aware of the need to, back up their system and files.

The good news is that a majority (84%) said they would not pay in the event of an attack; and only 3% say they would pay $10,000 or more. About 10 percent would pay between $1 and $100.

Interestingly, Millennials (ages 18 to 34) are more likely to have cyber insurance protecting their business than those respondents aged 35 to 44. And female business owners are more likely than men to report ransomware attacks to authorities right away.

The FBI’s Internet Crime Compliant Center reported that a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million dollars. And since January 1, Symantec Security Response has seen an average of 4,000 ransomware attacks per day—a 300-percent increase from last year.

“Ransomware is the Zika virus of the business world and there is absolutely no telling how far and wide this will spread,” said Adam Levin, founder and chairman of IDT911, and author of Swiped. “Training alone isn’t enough, cyber-insurance alone isn’t enough and, sure as heck, backed-up data alone isn’t enough. We’re talking about complete and utter paralysis of systems that could spell lost revenue, viciously impacted customers and a potential near-extinction level event for a business. Businesses need a comprehensive cyber security strategy that includes prevention, monitoring and damage control.”

There’s much riding on getting this right: More than half (60%) of business owners said that they would immediately report an attack to law enforcement authorities, as one out of three respondents (33%) say they could not go without access to critical business systems for any length of time.

Photo © Ton Snoel

What’s Hot on Infosecurity Magazine?