And, according to cyber security provider Keeper Security, which commissioned a study of more than 500 senior-level decision makers at companies with 500 employees or less, cyber security efforts are not at the top of the list of SMBs when it comes to where leaders are putting their focus and efforts – with US businesses “ripe for the picking”.
Among the findings of the study, two out of three business leaders surveyed (66%) don't believe they'll fall victim to a cyber attack, but Keeper says a previous study conducted by the Ponemon Institute for the company found that 67% of business had been attacked within the prior 12 months.
"Businesses face a vulnerability crisis when it comes to cyber criminals, and this reality won't get better until cyber security gets higher billing on their to-do list," said Darren Guccione, chief executive and co-founder of Keeper.
Keeper's 2019 Cyberthreat SMB study found that only about one in ten (12%) understand the reality that an attack is very likely, no matter how big or small the company.
Keeper says the SMB study also reveals differences in perception between newer and more mature businesses, with companies in business less than five years believing they're at a much higher risk than those operating for 10 or more years.
And, of companies in business less than five years, 28% believed it was "very likely" that they would be the target of a cyber attack, while only 6% operating for 10 or more years thought the same.
In fact, 70% of businesses operating for 10 or more years believed a cyber attack was not very likely or not likely at all, Keeper said.
According to Keeper, there is lack of organisational awareness into the importance of cyber security, and of the leadership polled, only 9% thought cyber security was the most important aspect of their business when compared with recruitment, marketing, sales, quality of internal tools, and contributing to social good.
In fact, nearly one in five respondents (18%) ranked cyber security as the least important aspect of all six, Keeper observed.
“Furthermore, respondents ranked a recession, damage to public reputation and a disruption to the business model as the most prominent threats to their business,” Keeper said, with cybersecurity ranked last by over one in five surveyed (21%), “despite the fact that such an attack would likely cause both a disruption in business model and damage to public reputation”.
Keeper says the survey revealed a disconnect between password security and cyber attack prevention strategy, although most companies understand the critical role of passwords when it comes to security.
The majority of respondents (69%) to the survey expressed positive sentiment about passwords, saying passwords make them feel "confident" or "secure" – and 75% of companies have policies in place that encourage or require employees to update their passwords regularly.
However, 60% of respondents reported not having any prevention plan in place against a cyber attack and Keeper said that since 81% of breaches are caused by weak or stolen passwords, the difference in reported password policies and lack of prevention plans points to a “disconnect in understanding that password security is itself a strategic prevention plan”.
And a quarter of business leaders surveyed (25%) admitted they don't even know where to start when it comes to cyber security.
“Cyber security starts with password security,” Keeper said.