Three out of four SMBs in India suffered a cyber incident in the past year, resulting in 85 per cent losing customer information to malicious actors, in addition to a tangible impact on business
Small and medium-sized businesses (SMBs) in India are increasingly concerned about cybersecurity threats, according to a new study by Cisco titled ‘Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense’.
For two in three (62 per cent) SMBs in India that suffered cyber incidents in the past 12 months, these cyber-attacks cost their business more than ₹3.5 crore. Of these, 13 per cent say that the cost was over ₹7 crore.
Besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (73 per cent), employee data (71 per cent), intellectual property (74 per cent), and financial information (75 per cent). In addition, 73 per cent of those said it disrupted their operations, 76 per cent admitted it negatively impacted their reputation, and more than half (70 per cent) said it resulted in a loss of customer trust.
The study further highlighted that attackers tried to infiltrate the systems of SMBs in several ways. In India, malware attacks, which affected 92 per cent of SMBs, topped the charts, followed by phishing (76 per cent).
The primary cause for security incidents for 38 per cent of those that suffered such incidents was not having cybersecurity solutions.
Meanwhile, 36 per cent ranked cybersecurity solutions not being adequate to detect or prevent the attack as the number one reason.
“As they digitise, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cybersecurity,” said Panish PK, Managing Director – Small Business, Cisco India & SAARC.
“However, given that they typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. According to the study, most SMBs (97 per cent) feel that they have too many technologies and struggle to integrate them,” the Cisco executive said.
Preparedness of SMBs
However, SMBs are catching up to face security challenges and are taking strategic measures such as carrying out simulation exercises to improve their cybersecurity posture.
According to the study, 89 per cent of SMBs in India have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months. The majority have a cyber response (91 per cent) and recovery plans (92 per cent) in place.
Furthermore, phishing is seen as the top threat by SMBs in India. 50 per cent of respondents ranked it as the number one threat.
SMBs are ramping-up their investments in cybersecurity, with almost half (44 per cent) of Indian SMBs having increased their security investment since the start of the pandemic by more than 5 per cent.
“These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a robust cyber posture,” the report said.
It further highlighted five recommendations for organisations of all sizes to improve their cybersecurity measures.
These include “having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, and working with the right technology partner.”
The study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia Pacific region.