The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with University of West Florida Center for Cybersecurity, using survey data collected online in April of 2019.
More than half (55 percent) of executives at small-to-medium-sized businesses (SMBs) said they would pay hackers in order to recover their stolen data in ransomware attacks, according to the second quarterly AppRiver Cyberthreat Index for Business Survey. That number jumps to 74 percent among larger SMBs that employ 150-250 employees, with nearly 4 in 10 (39 percent) going as far as saying they “definitely would pay ransom at almost any price” to prevent their data from being leaked or lost.
On the flip side, 45 percent of SMB leaders refuse to give in to cybercriminals, regardless of the ransom amount. Legal services and nonprofit SMBs are least willing to pay ransom in exchange for hacked data, with 67 and 60 percent respectively saying they will not engage with cybercriminals regardless of the ransom amount or value of the stolen data.
Social media viewed as a threat
Eighty-four percent of all SMB executives and IT decision makers surveyed say the use of social media apps and websites at the workplace or on a business device concerns them as a potential source of cyberthreats. According to these respondents, Facebook by far poses the most significant liability, with 77 percent saying they are most concerned about Facebook as a security risk at the work place. Telecom SMBs in particular are cautious about their employees’ use of Facebook in the workplace or on a business device, with 83 percent of all telecom SMB leaders saying they are most concerned about the social media platform as a potential security threat.
In contrast, only about one fifth of these SMB leaders say they are concerned about the risks introduced by Twitter (21 percent) or YouTube (20 percent), followed by Instagram (19 percent), WhatsApp (18 percent), Snapchat (15 percent), LinkedIn (13 percent) and Pinterest (3 percent).
David Wagner, CEO of Zix Corp, the parent company of AppRiver, presented the Q2 data this morning during the 2019 Centers of Academic Excellence in Cybersecurity Executive Leadership Forum in Pensacola Beach, Fla. The event was created in cooperation with the NSA/DHS Centers of Academic Excellence in Cybersecurity Program and hosted by the Center for Cybersecurity at the University of West Florida.
“Cybersecurity is no longer just a technology issue; it amounts to an off-balance sheet liability being carried by every company that isn’t adequately protected. Ransom scenarios, whether initiated through social media apps or any attack vector, have the potential to disrupt or destroy a business overnight,” Wagner said. “The Q2 AppRiver Cyberthreat Index for Business Survey shows clearly that too many companies are willing to take a significant financial hit to possibly recover their data. Our challenge as cybersecurity leaders is to help them understand how to properly invest fewer dollars on the front end and avoid the problem to start with.”
Compromised data management
Dispersed files and varying security levels may be another reason why businesses are constantly at risk of cyberattacks. Nearly half (48 percent) of AppRiver Index respondents say their confidential business data is scattered across multiple locations, including laptops, smartphones, tablets, as well as on network drives. Financial services and insurance, healthcare and pharmaceutical, and government SMBs appear to be the sectors that take secure data storage most seriously, with 67 percent, 63 percent and 62 percent respectively saying their business data is located on their secured network and nowhere else. 24 percent of all transportation SMBs and 23 percent of retail SMBs say their confidential data is not on a secured network at all, or they do not know where their most vital data is stored.
While 81 percent of all small-to-medium-sized business decision makers say they use cloud-based solutions to store their confidential data, 44 percent of respondents are concerned about the cloud’s security, and another 19 percent say they don’t believe it offers convenience as a benefit. SMBs in the legal sector, and in the transportation and logistics sector in particular appear skeptical, where over half of decision makers in each say they don’t trust the cloud as a secure storage option. Conversely, leaders in technology, telecom, marketing and financial services sectors report higher confidence in the cloud’s security and convenience.
“The quarterly AppRiver Cyberthreat Index for Business Survey provides the opportunity to analyze trends over time. The fact that the Q2 Index registered slightly lower than in Q1, currently at 58.1 on a 100-point scale, demonstrates an ongoing complacency toward cybersecurity risks,” said Troy Gill, a senior security analyst at AppRiver. “Significant attacks in 2018 such as the Marriott breach of 500 million identities have yet to affect most consumers and businesses, luring respondents into an unrealistic feeling of safety.”
"The Q2 AppRiver Cyberthreat Index for Business Survey provides deep insights into the attitudes and concerns of decision-makers at small- and medium-sized businesses. This is the lifeblood of the American business community, as census data shows that firms with fewer than 100 workers represent 98.2 percent of all businesses,” said Dr. Eman El-Sheikh, Director of the University of West Florida Center for Cybersecurity. “The high willingness to pay ransom demonstrates the importance of business data to these organizations, however, the growing apathy of threat fatigue could prove to be dangerous. The time is now to institute cyber readiness training, tools and policies.”
The AppRiver Q2 Cyberthreat Index for Business surveyed 1,035 cybersecurity decision makers in SMBs (fewer than 250 employees) in April 2019, covering diverse industry sectors and company sizes. The national study had a strong SMB leadership involvement with 80 percent of those surveyed holding titles of CEO, president, owner, CTO or head of IT.
About AppRiverAppRiver, a Zix company, is a channel-first provider of cloud-enabled security and productivity services, with a 4,500-strong reseller community that protects 60,000 companies worldwide against a growing list of dangerous online threats. Among the world’s top Office 365 and Secure Hosted Exchange providers, the company’s brand is built on highly effective security services backed by 24/7 white-glove Phenomenal Care® customer service. AppRiver is headquartered in Gulf Breeze, Florida and maintains offices in Georgia, Texas, New York, Canada, Switzerland, and the U.K. For more information, please visit www.appriver.com.
The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with University of West Florida Center for Cybersecurity, using survey data collected online in January of 2019.
A majority (58 percent) of executives at small-to-medium-sized businesses (SMBs) are more concerned about suffering a major data breach than a flood, a fire, a transit strike or even a physical break-in of their office, according to the inaugural . The figure jumps to 66 percent when measuring large SMBs (150-250 employees) that now fear a data breach would be more detrimental than traditional disasters for businesses.
“In today’s digital age, businesses rely on their intellectual property and use automated business processes more than ever before – bringing cybersecurity to the forefront,” said Dave Wagner, CEO of Zix Corporation, parent company of AppRiver. “The AppRiver Cyberthreat Index for Business Survey findings punctuate this evolution and highlight how businesses need to better prepare for cyberthreats.”
Nearly half of SMBs (48 percent) said a major data breach would likely shut down their business permanently. The percentage increased significantly with 71 percent of financial services and insurance SMBs reporting that a major breach would be fatal to their business. Healthcare and business consulting SMBs followed at 62 percent and 60 percent, respectively.
The survey further revealed that SMBs are more concerned about attacks from disgruntled ex-employees than highly publicized threats from nation-states, or even cyberattacks from competitors, rogue hacktivist groups or lone-wolf hackers.
While SMBs are concerned about cybercriminals, not all of them are on high enough alert. The hospitality industry is a prime example. Despite the 2018 Marriott breach of 500 million customer records, only 28 percent of hospitality-sector respondents believe their business is vulnerable to imminent threats of cybersecurity attacks, compared to 62 percent of respondents who work in technology and 47 percent in the financial sector. Similarly, only 50 percent of hospitality respondents believe a successful cyberattack would cast short- and long-term business losses, compared to 72 percent each in the financial and healthcare sectors and 71 percent in the technology sector.
“Today, 6 in 10 U.S. SMBs go out of business within six months of a successful cyberattack,” said Troy Gill, a senior security analyst at AppRiver. “However, I often see a sizable gap between perceptions and reality among many SMB leaders, which is again evident in the inaugural index. They don’t know what they don’t know; the lack of preparedness becomes a dangerous weapon for cybercriminals.”
University of West Florida Center for Cybersecurity Director Dr. Eman El-Sheikh said this research sheds new light on serious issues confronting SMBs.
"The establishment of the AppRiver Cyberthreat Index for Business addresses a critical need to understand organizations' cyber vulnerability and readiness,” she said. “The Index provides a benchmark for small- and medium-sized businesses and leaders to measure our collective cyber resiliency and emphasizes the importance of cybersecurity workforce development.”
The AppRiver Cyberthreat Index for Business surveyed 1,059 cybersecurity decision-makers in SMBs (less than 250 employees) in early 2019, covering diverse industry sectors and company sizes. The national study had a strong SMB leadership involvement with 80 percent of those surveyed holding titles of CEO, president, owner, CTO or head of IT*.