I’m a little fish – only big retailers and hospitals need to be concerned about cyber security, right?
A “cyber security breach” is broadly defined as any incident that results in unauthorized access to data, applications, computers, servers, networks or devices. Cyber attacks are a growing worldwide problem and everyone should be concerned.
Eighty-seven percent of organizations experienced at least one cyber security incident in the last year. A recent Ponemon study indicates the probability of data breach in the next two years for all companies is at 27.7%. Moreover, the size of breaches is increasing. Six of the 2016 breaches ranked among the ten largest of all time.
Historically, smaller companies have been able to take solace in the fact that cyber attacks have been focused on large companies, including retailers, hospitals, and universities. However, trends are changing. There are two primary reasons hackers are increasingly going after small businesses: (1) Small businesses are plenty in number and present a huge market for expansion; and (2) Larger enterprises have enhanced their security systems and have pushed hackers to look for easier targets. In fact, the rise in attacks on small companies is startling. Forty-three percent of breaches hit companies with less than 250 employees.
Additionally, the lower costs of computing power allow “bad actors” to develop malware that permits more sophisticated attacks with greater frequency and with tools that can cause greater harm. Worst of all, the ramifications of an attack for small companies can be far worse. According to The National Cyber Security Alliance, small business are severely impacted by cybercrime each year; 60% of those hit go out of business within six months after the attack.
More than ever, small companies need to focus on the three key issues in Cyber Security: Prevention, Detection, and Response – Before cyber criminals focus on them.
Stephen E. Yoch is an attorney at Felhaber Larson in Minneapolis who represents clients on cyber security issues. Steve can be reached at firstname.lastname@example.org; (612) 373-8559.