When it comes to reporting on cybercrime, we tend to only come across stories impacting major companies or industries.
Apart from the obvious reputational damage, we don’t really grasp the consequences of something like a data breach on a company and its customers.
There are no headline articles about the troubles that emerge in the wake of a data breach, some of which literally grind small and medium enterprises (SMEs) into the ground.
The media focuses on corporate giants as the only victims of cybercrime and lulls us into a false reality where data breaches seem to happen mostly to corporate behemoths but not to small or medium-sized business owners. Cybercriminals, who are often well-organised and well-resourced, launch constant attacks on data targets, probing for the weak spots. SMEs typically invest far fewer resources in cybersecurity than big corporations, which can make them a far more attractive mark to criminals, and their businesses far more vulnerable.
According to Dan Thornton, CEO of cybersecurity awareness training business GoldPhish, the often false perception that “it won’t happen to us” puts SMEs at greater risk of becoming a target for cybercrime.
He explains, “Perpetrators of these crimes are well aware that while big companies are investing heavily in their cybersecurity, SMEs, who also collect and store significant client and customer data, aren’t taking preventative action in the same ways. It’s a myth that hackers and scammers are only interested in the big data collected by corporates or governments. SMEs who are not cyber-savvy or don’t have suitable measures in place are the easiest targets when it comes to exploitation by cybercriminals.”
For the many SMEs that collect customer data, including banking, financial and tax information, contact and residential details, consumer purchasing history and even sensitive medical records, the consequences of a data breach can be dire.
Thornton says, “We all read the headlines saying that yet again millions of customers’ data has been breached. Shock, horror, and then that’s it.
But it’s not like that. Data breaches have long-term consequences. Many of them actually sink companies, and many expose consumers to ongoing risks.”
What happens after a data breach?
After a data breach, companies can potentially face regulatory liability and third-party liability, but this is not the full extent of the possible damages. Cybercriminals may hold the data hostage to extort a ransom from the company, and they may also mine sufficient data to target consumers – a data breach is not an end result but a pathway to ongoing cybercrimes.
According to IBM data, by mid-2022 the average cost of a data breach was $4.3 million, a new record high.
Thornton notes, “Reputational damage for companies that we trust with our data can be devastating, and many businesses never recover from a data breach. Companies need to take their data protection seriously and establish full visibility of what data they’re holding, where they are storing it, and also justify why they’re holding it. In addition, they need to implement data protection strategies and ensure their staff are well-trained when it comes to cybersecurity. Ensuring that your employees are trained to be cyber savvy has become critical to the mission of every business, small, medium and large.”
Cybersecurity should be front of mind for all SMEs.
Data collection, storage and sharing should be governed by meticulous processes that comply with regulations, and the following approach is recommended:
- Ongoing, company-wide cybersecurity training
- Implementation and maintenance of proven cybersecurity strategies
- Investment in cyber insurance coverage
Cybersecurity for SMEs needs to be embedded along with all other efforts to create a secure working culture. Employees, business leaders and customers all value this. No business can afford an ‘it won’t happen to us’ mindset. Cybercrime is set to become the greatest security threat to all kinds of businesses, and it’s important to invest the same care in your digital assets and consumer data. Understanding the threats and knowing how to mitigate the risks is essential.