Just under half of a surveyed set of British small to medium-sized businesses (SMBs) believe that a cyber-attack would put them out of business.
The survey of 501 IT decision makers by Webroot found that 48% have suffered a cyber-attack or data breach in their lifetime, with over one in seven saying this happened more than once. The same number also believed that the cases negatively impacted relationships with partners, with almost a quarter (22%) admitting they are no longer a supplier as a result.
One example of a company going out of business was Code Spaces, which was forced to close down after a wiper attack deleted its files as part of a larger DDoS attack in 2014. Then, Code Spaces claimed it “will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility."
In an email to Infosecurity, Ed Tucker, CISO and co-founder of Email Auth, Byte and Human Firewall, said that companies of all sizes suffer from attacks, some of which are successful, but rarely have we seen anyone actually go under from such.
“It smarts of hyperbolic fear mongering” he said. “When assessing risk, you must consider impact and thus consequence to the business. Is there any evidence to back this claim where cyber-attacks have actually resulted in the closure of a business to the extent that this is a tangible consequence? The simple answer is no. Most business have it in them to recover. A clear ability to plan; to respond and recover is a must for any organization.
“Closure is a possibility, but using current evidence of successful cyber-attacks then it would be a remote, rather than likely consequence.”
Nearly two-thirds of respondents (64%) said that being smaller enables their business to react more quickly to industry or political change than larger enterprises.
Paul Barnes, senior director of product strategy at Webroot, said: “SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating everyone in the business of how to mitigate those risks, because people will always be the first line of defense.
“Working with the right cybersecurity partner or managed service provider (MSP) to develop the right strategy for their size will allow smaller businesses to prioritize the activities that matter most and help them grow.”