SMBs and Information Theft

Information theft has been a hot topic for quite a while lately. Regardless of the size of a company, currently, when a firm is a victim of information theft through a hack, it must invest time and money in investigating where the attack came from, assessing the magnitude of the damage caused, and ultimately, putting systems in place to ensure it won’t happen again – all harmful economically as much as company-reputation wise.

Worldwide, a theft of this nature costs a business around $3.8 million; however, the final cost depends on the sector, the size of the operation, the depth of the attack and the time it takes for the organization to realize that it has been breached. The average reaction time after an attack is 256 days worldwide, according to data from the Ponemon Institute and IBM.

SMBs in the US have taken action to take care of their Cybersecurity needs, but most invest only the minimum required by regulations to protect their systems (such as perimeter and antivirus security). In addition, top management typically shows little interest in being involved in the creation of a cybersecurity strategy, thinking “it couldn’t possibly happen to them” – the truth is, it’s easy to fall prey to attacks because we’re usually not paying attention to the very information we work with.

The disconnection of top management to the cybernetic needs of the company also implies that the investment in this item is minimal. The average investment in Cybersecurity currently in the world is seven million dollars; However, data from the Ponemon Institute suggest that the investment should be at least double.

The involvement, investment, and knowledge of top executives in Cybersecurity issues are crucial for their companies not to be affected by this issue since it is undeniable that the attacks are more frequent and simple to perpetrate. In addition, the potential for profits generated by cyber-attacks in the world warns of an attractive business that drives the attackers to keep going at it.