ESET SMB Digital Security Sentiment Report: The damaging effects of breaches
SMEs need to not only reduce their chances of being hit by an attack, but also put in place a process they can follow should their defenses be breached
The prevalence of cyberattacks is steadily increasing, with our telemetry showing a 13% year-over-year increase in cyberthreat detections in 2022. While the news tends to feature breaches involving large corporations, it would be wrong to assume that only large corporations are targeted by cybercriminals.
While these incidents make the most headlines, criminal activity in the digital world often shows no preference. And with so many IT platforms used by small and medium-sized businesses (SMEs), and the companies they frequently support, criminals can leverage a wide variety of tools and techniques that promise to provide an unfair advantage at scale.
However, with new threats constantly emerging, it is critical that SMEs, who may have less resilience to a security incident, not only implement measures to reduce their chances of experiencing a breach, but also prepare for the worst-case scenario. Business leaders must consider how they will mitigate the damage that cyberattacks can do to their business, whether that be the loss of sensitive customer data, theft of financial information, or a loss of customer trust.
Security doesn’t keep pace
In our survey of over 1,200 SME cybersecurity decision makers conducted last year, two-thirds (69%) said they had experienced a breach, or acted on strong indications of one, within the past 12 months. A third even said they had been breached more than once. Something needs to be done.
Worryingly, 70% of SMBs warn that their investments in IT security are not keeping pace with the changes to operational models they have been forced to make during the pandemic, and 77% say they will continue to use technologies designed to ease hybrid work, such as Remote Desktop Protocol (RDP), regardless of security risks.
However, many are taking steps in the right direction. These include implementing multi-factor authentication (50%), insisting on using corporate VPNs (50%), updating remote access tools (49%), and using more secure configurations for remote access tools (37%).
Investigation and reconfiguration
For SMBs that experience a breach, it usually takes several weeks to investigate the attack and reconfigure IT systems to prevent similar attacks in the future. A third (32%) said it took between seven and 12 weeks, and only a fifth (21%) said it took less than two weeks. To save time, it is important for SMBs to establish robust protocols that can be followed in the event of a cyber attack.
While the time to recovery may vary, SMBs are quick to take action after a breach, with the most popular responses including investing in cybersecurity training for IT teams (42%), conducting cybersecurity risk audits (39%), and investing in new cybersecurity tools (38%). In retrospect, SME leaders should consider the savings that can be achieved by taking these steps proactively, rather than reacting after something goes wrong.
A cybersecurity audit is a smart move for any SMB, as it can be used to minimize risks. Our survey shows that almost 3 in 10 (27%) of SMBs conducted a cybersecurity audit in the last six months, and a third (33%) in the last year. When a cybersecurity audit is conducted, 52% use an external IT security company, and 40% conduct the audit themselves.
While the factors investigated in a cybersecurity audit vary, they most likely include protecting sensitive information (44%), identifying and assessing cybersecurity threats (39%), detailing recovery plans for lost or stolen data (38%), and employee cyber awareness (37%).
You are not alone
With two-thirds of SMEs experiencing breaches, it is no longer a case of if, but when. The average cost of a breach to SMEs is estimated at €219,000, at a time when many are already struggling with rising fees. However, if an SMB can resume operations in time, this cost can be reduced.
Therefore, it is critical that businesses not only put time and thought into reducing their chances of being exposed to a cyber attack, but also put in place a process that they can follow should their defenses be breached.
Remember, you are not alone. ESET provides SMBs with multi-layered enterprise-grade endpoint protection, featuring easy-to-use management, the latest machine learning, and multiple scalable protection options, including Extended Detection and Response. To find out more, please visit our website. If you are interested in knowing more about our SMB survey, read our ESET SMB Digital Security Sentiment Report 2022.