Q4 Cyberthreat Index for Business

Zix | AppRiver Survey: Small Businesses Believe They Will be Targets of Cyberattacks by Foreign Adversaries in 2020.

 

New Research from Zix | AppRiver highlights small and midsize businesses’ concerns over increased cyberattacks by nation-states; reveals how they plan to improve their security posture next year.

 

 

Gulf Breeze, FL – December 3, 2019 – AppRiver, a Zix (NASDAQ: ZIXI) company and leading channel-first provider of security, productivity and compliance solutions, today announced the findings of its Q4 Cyberthreat Index for Business Survey, uncovering the top cybersecurity concerns and mitigation strategies among small- and medium-sized businesses (SMBs) as they move into 2020.

With cybersecurity concerns already mounting ahead of the 2020 presidential election, SMB executives are turning their attention to how these threats could impact their own business. According to the survey, 93 percent believe that as foreign adversaries attempt to breach national security or wage cyberwar, they will use small businesses such as their own as entry points. Among them, two-thirds expect this threat to become even more severe.

“In 2019, we saw cyberattacks on our government trickle down from large agencies to smaller local municipalities and schools,” said Dave Wagner, CEO, Zix. “That follows the pattern we’ve seen in business, where attacks have expanded from big corporations to small- and medium-sized businesses. While these attacks can originate from anywhere, the survey data shows that SMBs believe foreign actors and even nation-states may be targeting them as the first step toward access to larger companies or government agencies.”

 

This, among other cybersecurity concerns, could be a possible driver behind SMBs’ plan to shore up their security investment and defenses in 2020. Sixty-two percent of all SMBs plan to increase their cybersecurity budgets in 2020. Among the list of cybersecurity upgrades they’d like to make, their highest priorities include employing more cybersecurity technology (58 percent), creating better security awareness training for their employees (57 percent) and conducting more regular reviews of their security defenses (50 percent). These findings are in line with other key results from the survey, which indicate that only 43 percent of all SMBs currently feel in-control and confident in their own cyber preparedness. 

SMBs within the government and technology sectors are among those most concerned about nation-state cyberattacks on their business in 2020. Executives within these industries also have the highest propensity to increase their cybersecurity budgets in 2020, with 77 percent of technology SMBs and 76 percent government SMBs planning to increase their budgets in the coming year. 

It seems unusual that small and midsize companies are concerned about foreign powers, but with elections coming up in 2020, they have legitimate reasons to worry about becoming vulnerable entry points for outside entities,” said Troy Gill, senior cybersecurity analyst at AppRiver. “The silver lining is that they are actively planning to improve their security with new technology and better training for employees, which together, are a powerful combination.”

About the Survey

The survey polled 1,049 cybersecurity decision-makers within U.S. SMBs (fewer than 250 employees), covering a diverse range of industry sectors. 

The Zix | AppRiver quarterly Cyberthreat Index for Business Survey measures SMB decision-maker attitudes and experiences across a variety of cybersecurity-related dimensions, culminating in a score that can be analyzed for change over time. The Q4 Index registered a score of 60.1 on a 100-point scale, holding steady after the previous quarter (60.5 in Q3) and indicating that SMBs are continuing to become more aware of today’s imminent cyberthreats and are making strides toward improving their security posture.

The complete Q4 Cyberthreat Index for Business Survey report can be downloaded here

About AppRiver
AppRiver, a Zix company, is a channel-first provider of cloud-enabled security and productivity services, with a 4,500-strong reseller community that protects 60,000 companies worldwide against a growing list of dangerous online threats. Among the world’s top Office 365 and Secure Hosted Exchange providers, the company’s brand is built on highly effective security services backed by 24/7 white-glove Phenomenal Care® customer service. AppRiver is headquartered in Gulf Breeze, Florida and maintains offices in Georgia, Texas, New York, Canada, Switzerland, and the U.K. For more information, please visit www.appriver.com.

About Zix Corporation

Zix Corporation (Zix) is a leader in email security. Trusted by the nation’s most influential institutions in healthcare, finance and government, Zix delivers a superior experience and easy-to-use solutions for email encryption and data loss prevention, advanced threat protection, unified information archiving and mobile security. Focusing on the protection of business communication, Zix enables its customers to better secure data and meet compliance needs. Zix is publicly traded on the Nasdaq Global Market under the symbol ZIXI. For more information, visit www.zixcorp.com.

 

AppRiver’s Q3 Cyberthreat Index for Business Survey Reveals a Troublesome Gap Between SMBs’ Threat Risk Perceptions and Reality



Gulf Breeze, FL – September 18, 2019 – AppRiver, a Zix (NASDAQ: ZIXI) company and leading channel-first provider of security, productivity and compliance solutions, today announced the findings of its Q3 Cyberthreat Index for Business Survey, revealing the extent to which small-to-medium-sized businesses (SMBs) underestimate the impact of today’s cybersecurity threats. The survey polled 1,083 cybersecurity decision-makers in U.S. SMBs (fewer than 250 employees), covering a diverse range of industry sectors.

The findings expose a common misconception among SMBs surrounding the financial impact a cyberattack can have on their business. According to the survey, two out of three smaller SMBs (67 percent) with 1 to 49 employees believe they will sustain total damages under $25,000 in the event of a successful cyberattack. Over half of these SMBs (55 percent) went as far as to say they would sustain less than $10,000 in damages. In reality, the average cost of a data breach for SMBs in North America is estimated to be $149,000.

Respondents were reminded to consider total estimated damages, including costs of data retrieval, system repairs and upgrades, lost businesses, potential ransom payment, PR and damage control, potential lawsuits, and compensation to customers.

Despite the prevalence of cybersecurity incidents within SMBs (72 percent reported phishing attempts on their business in the last three months) the survey demonstrates that the majority of SMBs are slow to address known vulnerabilities.

Only 38 percent of all survey respondents claim that they apply patches immediately once available – a finding that is consistent among all industries surveyed, including those that handle highly sensitive data, such as healthcare/pharmaceuticals (36 percent), government (36 percent), legal (38 percent) and retail (34 percent).

Beyond patch management, the survey findings indicate that some SMBs are failing to continually improve their cybersecurity readiness overall. Roughly one-third (32 percent) of respondents at smaller SMBs say they “have not done much” to improve their cyber preparedness since 2018. Nevertheless, among these respondents, 37 percent still believe they are in better shape now than last year, and that they believe cybercriminals have done even less to improve their tactics during this period.

“Nearly two decades of constant fear-based messages have taken their toll on smaller SMBs,” said Geoff Bibby, vice president of marketing for Zix. “Fatalism and a false sense of security are signs that they need more straightforward education and awareness. The threats are very real and the stakes are incredibly high, but there are simple ways to make startups and early stage companies much harder targets.”

The quarterly AppRiver Cyberthreat Index for Business Survey measures SMB decision-maker attitudes and experiences across a variety of cybersecurity-related dimensions, culminating in a score that can be analyzed for change over time.

For the first time since the survey's inception in Q1 2019, the Q3 Index score tipped over the 60-point mark, registering at 60.5 on a 100-point scale and indicating a trend of higher alert among SMBs as compared to Q1 and Q2 of 2019.

“In the wake of major cybersecurity crises this year – from American Medical Collection Agency breach to the continual hits we’ve seen on local governments in places like Maryland, Florida, and most recently, Texas – it’s not surprising that most small businesses and the public at large are increasingly concerned,” said Troy Gill, manager of security research at AppRiver. “The challenge is in helping them translate that concern into positive action rather than passive acceptance.”

About AppRiver
AppRiver, a Zix company, is a channel-first provider of cloud-enabled security and productivity services, with a 4,500-strong reseller community that protects 60,000 companies worldwide against a growing list of dangerous online threats. Among the world’s top Office 365 and Secure Hosted Exchange providers, the company’s brand is built on highly effective security services backed by 24/7 white-glove Phenomenal Care® customer service. AppRiver is headquartered in Gulf Breeze, Florida and maintains offices in Georgia, Texas, New York, Canada, Switzerland, and the U.K. For more information, please visit www.appriver.com.

About Zix Corporation

Zix Corporation (Zix) is a leader in email security. Trusted by the nation’s most influential institutions in healthcare, finance and government, Zix delivers a superior experience and easy-to-use solutions for email encryption and data loss prevention, advanced threat protection, unified information archiving and mobile security. Focusing on the protection of business communication, Zix enables its customers to better secure data and meet compliance needs. Zix is publicly traded on the Nasdaq Global Market under the symbol ZIXI. For more information, visit www.zixcorp.com

 

 

The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with the University of West Florida Center for Cybersecurity, using survey data collected online in January and April 2019.

 

Download The Q2 Cyberthreat Index

 

The survey has a + / – 3% margin of error. The national sample of respondents comprises 2,094 C-level executives and IT professionals in small-to-medium-sized businesses and organizations (SMBs), among which, 197 respondents are in the Retail vertical. 61% of these businesses report they have compliance requirements for how they store and manage their customers’ data.

 

Company sizes

1-9 employees                         54%

10-49 employees                    17%

50-99 employees                    14%

100-199 employees                12%

200-250 employees                  3%

 

Job titles

CEO/President/Owner                                                70%

CTO/Head of IT                                                           18%

CFO/COO                                                                     8%

Head of Data Mgmt/Compliance Officer                      4%

 

Product relevance

Email hosting                                                              77%

Email encryption and security                                    54%

Email archiving and continuity                                    63%

Web security and continuity                                       78%

Business software, e.g., Office 365 or similar            88%

Data privacy and compliance                                     68%

Tech support and business continuity                        68%

 

The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with University of West Florida Center for Cybersecurity, using survey data collected online in January of 2019.



 

A majority (58 percent) of executives at small-to-medium-sized businesses (SMBs) are more concerned about suffering a major data breach than a flood, a fire, a transit strike or even a physical break-in of their office, according to the inaugural . The figure jumps to 66 percent when measuring large SMBs (150-250 employees) that now fear a data breach would be more detrimental than traditional disasters for businesses.

 

“In today’s digital age, businesses rely on their intellectual property and use automated business processes more than ever before – bringing cybersecurity to the forefront,” said Dave Wagner, CEO of Zix Corporation, parent company of AppRiver. “The AppRiver Cyberthreat Index for Business Survey findings punctuate this evolution and highlight how businesses need to better prepare for cyberthreats.”

 

Nearly half of SMBs (48 percent) said a major data breach would likely shut down their business permanently. The percentage increased significantly with 71 percent of financial services and insurance SMBs reporting that a major breach would be fatal to their business. Healthcare and business consulting SMBs followed at 62 percent and 60 percent, respectively.

 

The survey further revealed that SMBs are more concerned about attacks from disgruntled ex-employees than highly publicized threats from nation-states, or even cyberattacks from competitors, rogue hacktivist groups or lone-wolf hackers.

 

While SMBs are concerned about cybercriminals, not all of them are on high enough alert. The hospitality industry is a prime example. Despite the 2018 Marriott breach of 500 million customer records, only 28 percent of hospitality-sector respondents believe their business is vulnerable to imminent threats of cybersecurity attacks, compared to 62 percent of respondents who work in technology and 47 percent in the financial sector. Similarly, only 50 percent of hospitality respondents believe a successful cyberattack would cast short- and long-term business losses, compared to 72 percent each in the financial and healthcare sectors and 71 percent in the technology sector.

 

“Today, 6 in 10 U.S. SMBs go out of business within six months of a successful cyberattack,” said Troy Gill, a senior security analyst at AppRiver. “However, I often see a sizable gap between perceptions and reality among many SMB leaders, which is again evident in the inaugural index. They don’t know what they don’t know; the lack of preparedness becomes a dangerous weapon for cybercriminals.”

 

University of West Florida Center for Cybersecurity Director Dr. Eman El-Sheikh said this research sheds new light on serious issues confronting SMBs.

 

"The establishment of the AppRiver Cyberthreat Index for Business addresses a critical need to understand organizations' cyber vulnerability and readiness,” she said. “The Index provides a benchmark for small- and medium-sized businesses and leaders to measure our collective cyber resiliency and emphasizes the importance of cybersecurity workforce development.”

 

The AppRiver Cyberthreat Index for Business surveyed 1,059 cybersecurity decision-makers in SMBs (less than 250 employees) in early 2019, covering diverse industry sectors and company sizes. The national study had a strong SMB leadership involvement with 80 percent of those surveyed holding titles of CEO, president, owner, CTO or head of IT*.