A new report from the Identity Theft Resource Center (ITRC) reveals cyberattacks and data breaches targeted at small and medium-sized businesses (SMBs) continue to climb, reaching their highest levels in the three years of the study.
The 2023 ITRC Business Impact Report shows 73% of SMBs experienced a cyberattack, data breach, or both in the past 12 months. This represents a significant jump from the 58% attack rate in 2021 and 43% in 2022.
Yet, despite the rising threats, 85% of SMB leaders surveyed said they felt prepared to protect against or recover from cyberattacks. This confidence comes even as only 20-34% reported following best practices such as multi-factor authentication, strong passwords, and role-based access controls for sensitive data.
The disconnect between confidence and action on security concerned experts like George McGregor, VP at Approov Mobile Security, who said:
"This is disappointing, with very poor levels of implementation of basic best practices and only half of the companies taking steps to stop breaches.
I also think the 'good news' in the report—a reported reduced financial impact of breaches—is probably not to be taken too seriously, either. If self-reported, it may not be accurate.
There will be more and more pressure on small businesses as new reporting requirements come into force and they will be forced to take the issue of cybersecurity more seriously."
McGregor predicts that new regulations will force small businesses to take cybersecurity more seriously. But for now, the adoption of protections remains low.
While the financial consequences may be declining, the ITRC report shows cyberattacks still impact SMBs in other ways. Forty-two percent reported a loss of revenue, and 32% said they lost customer trust. One in three dealt with higher employee turnover after an incident.
As attacks reach unprecedented levels, SMBs will need to back up their confidence in defenses with concrete actions. Implementing multi-factor authentication, stronger passwords, and access controls are vital steps. Partnering with IT providers and cybersecurity experts can also help small businesses prepare for the mounting threats.
Though leaders feel ready, the reality is that substantial improvements in security are still needed at most SMBs. The threat from cybercriminals continues rising, and no business can afford to be the next victim.
Follow SecureWorld News for more stories related to cybersecurity.