Seventy-seven percent of small- and medium-sized businesses believe that their companies are safe from cyberthreats and yet 83 percent of them have no formal cybersecurity plan. Um, yeah. And that was just one of the contradictions uncovered in a survey of 1,015 small- and medium-sized businesses carried out by the National Cyber Security Alliance and Symantec.
"It's not part of the culture yet," said Michael Kaiser, executive director of the NCSA, who added that he was "a little disheartened that we didn't see substantial movement."
"What I'm seeing though, is the increasing dependency of small businesses on the Internet. And as technology becomes more integrated into their businesses, they'll have to do better (on cybersecurity.)
The results present a widespread lack of concern among SMBs about the potential threat of cyberattacks with most expressing confidence about their ability to handle whatever comes their way -- this despite formal or informal plans for handling cyber attacks.
But no worries: Asked who deals with online security at the company, 66 percent of the business owners responded that they were responsible for minding the cyber store. Good luck, fellas.
Other tidbits of interest from the report:
- 87 percent don't have a formal written Internet policy for employees.
- 62 percent said they were very confident that their employees nonetheless were aware of the company's formal Internet security policy and practices.
- When it comes to social media: 75 percent of SMBs have no policy governing employee behavior
- 77 percent feel their companies are safe from cyberthreats
- 83 percent have no formal cybersecurity plan
- 73 percent say a safe Internet is critical to their success
- 77 percent describe a strong cybersecurity and online safety posture a positive for their brand.
- 59 percent have no contingency plan how to respond and report data breach losses.
- 66 percent express concern about cyberthreats.
But the report contains at least one piece of encouraging news for the future: the survey found that companies created since 2008 were almost 20 percent more likely than older small businesses to have written plans on how to stay safe against cyberthreats.