Nearly 74% SMBs suffered a cyber incident in the last year: Cisco study

Cyber-attacks have cost SMBs more than Rs 3.5 cr to Rs 7 cr in the last 12 months

Three in four (74 per cent) SMBs in India suffered a cyber incident in the past year, resulting in 85 per cent of them losing customer information to malicious actors, in addition to a tangible impact on business, said a study carried out by Cisco, titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense.

The study also reported that more than half (62 per cent) of SMBs in India that suffered cyber incidents in the past 12 months said that cyber-attacks cost their business more than Rs 3.5 crore. Of these, 13 per cent said that the cost was over Rs 7 crore.

The study is based on an independent, double-blind survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia Pacific region.

The survey highlighted that SMBs saw several ways in which attackers tried to infiltrate their systems. In India, malware attacks, which affected 92 per cent of SMBs, topped the charts, followed by phishing (76 per cent%). Around 38 per cent of those that suffered incidents said that the number one cause was not having cybersecurity solutions. Meanwhile, 36 per cent ranked cybersecurity solutions as not being adequate to detect or prevent the attack as the primary reason.

Apart from the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (73 per cent), employee data (71 per cent), intellectual property (74 per cent), and financial information (75 per cent). In addition, 73 per cent of those said it disrupted their operations, 76 per cent admitted it negatively impacted their reputation, and more than half (70 per cent) said it resulted in a loss of customer trust.

However, SMBs are rising to the challenge. The study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity measures.

"As they digitise, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cybersecurity," said Panish PK, managing director - Small Business, Cisco India & SAARC.

However, given that SMBs typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. According to the study, most SMBs (around 97 per cent) feel that they have too many technologies and struggle to integrate them.

Cisco's study found that while SMBs in India are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives. According to the study, 89 per cent of SMBs in India have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months. The majority have a cyber response (91 per cent) and recovery plans (92 per cent) in place.

SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (50 per cent ranked it #1) is seen as the top threat by SMBs in India.

The good news is that SMBs are ramping up their investments in cybersecurity, with almost half (44 per cent) of Indian SMBs having increased their security investment since the start of the Coronavirus (Covid-19) pandemic by more than 5 per cent.