Technology for MSMEs: Even as large enterprises have usually been the victims of data breaches because of the enormity of the customer data they have access to, small and mid-size businesses (SMBs) are also witnessing an incremental increase in such incidents annually. Up from 46 per cent in 2018, 48 per cent SMBs this year have seen instances of a data breach in their businesses, according to a survey report by cyber security firm Kaspersky. While the percentage of large enterprises reporting such breaches has also grown from 50 per cent last year to 53 per cent this year, the rise in micro-enterprises reporting data breach occurrences was highest at 6 per cent from 30 per cent to 36 per cent between 2018 and 2019 so far.
“Small businesses don’t even know where their services are hosted and what is the data. They complain about their website not opening or they are not able to access their email. They are not able to realise the threat. They take security for granted. Even PM has said that data is the new gold but businesses are not taking it seriously,” cyber security expert Rakshit Tandon who get minimum 10-15 complaints of such attacks from SMEs in a month about email and website breach told Financial Express Online.
The security measures taken by small businesses against such breaches are often insufficient, Kaspersky said even as it may directly impact their business since they usually have limited resources and they might have to stop or slow down their work processes and risk losing profit due. Moreover, small businesses risk losing customer trust if their personal data is compromised due to which they might have to face “financial penalties for breaking regulations, for example, such as GDPR,” according to the survey conducted among 1138 companies with 1-49 employees in April 2019.
Kaspersky spokesperson wasn’t available for more details around the profile of SMBs affected including the industries they belong to, level of impact, awareness and readiness to adopt cyber security solutions etc.
Importantly, 33 per cent of small businesses has no centralized cyber security management while ensuring safety on a specific computer system is the responsibility of each individual employee. Also, 25 per cent of businesses adopts consumer products for protection that provide only basic protection.
“Smaller companies may not have cyber security among their top priorities, however, the cost for overlooking the problem will only grow,” said Andrey Dankevich, Solution Business Lead, Kaspersky. Small businesses should teach employees cyber security basis such as not opening files from unknown sources, reminding employees of how to deal with sensitive data, using legitimate software, backing up essential data, and using a dedicated cyber security product for small business, the company said.
“It is high time that organisations take steps towards cyber security proactively not reactively once the attack happens. Also, you should have a redressal plan in case of a breach. Businesses don’t want to spend money on security. Unless businesses get out of this reactive approach such instance will continue to happen,” said Tandon.