The worldwide cybersecurity market is expected to reach $167 billion in 2019, and it is only going to grow larger from there, given the number of attacks and the amount of wealth stored online. The line between physical and digital is being blurred more, and criminals are following the money. And often enough, the trail leads to businesses just like yours.
To put the level of growth into perspective, here is the estimated size of the market from 2015 projected until 2023:
We want to focus on the facts relating to the gravity of the threat and how you can protect your business, however, so let's get right to it and give you some context on what you should do for your business and what you should generally be aware of regarding cybersecurity:
The General Overview for 2019
While the details are important, first we would like to share with you some statistics that demonstrate just how widespread the global cybersecurity problem is:
- Hackers can automate attacks through bots, malicious websites, and similar tools. An attack occurs on a computer with internet access every 39 seconds (on average) according to a study by the University of Maryland. Consider how many computers your business uses and do the math on that for a second.
- On the FBI's most wanted page, there are 41 cybercriminals. They are wanted for crimes ranging from intellectual property theft to membership in well-known cybercrime gangs.
- According to Business Insider, there will be 24 billion connected (and therefore exploitable) devices installed on the planet by 2020. That will be an estimated 3.2 devices per person living on the planet. How many devices does your business use, and are they all optimally protected?
- Gartner reports that global cybersecurity spending will increase to over $124 billion in 2019, which will be an 8.7 percent increase from last year. There are no expectations that spending will stop growing in the near future, due to increasing government regulations regarding data security as well as consumer concerns.
- On a governmental scale, cybercrime is considered a constant threat, with the Cybersecurity Risk Determination and Report and Action Plan noting that 25 out of 96 agencies are effectively managing their risk. With that in mind, you will likely not be able to rely on too much government aid regarding cybersecurity. Your business will need to protect itself.
- This concept is difficult to quantify, but the barriers to entry for cybercrime are getting lower as more tools become available to the average person. More people than ever know how to conduct standard attacks, and as such low-skill (but still dangerous) cybercrime is being attempted more often. The barrier to entry will only become lower as criminal organizations invest in tools that allow anyone off the street to become a cybercriminal in a matter of days, boosting their overall profit.
Small Business Cybersecurity
Small businesses are often easy prey for cybercriminals. They often don't make cybersecurity a top priority and their limited resources prevent them from putting in place the absolute best practices and programs to protect them. To give you more context, we have some numbers and facts to illuminate the scale of the problem:
- The 2017 Ponemon Report on SMBs sponsored by Keeper showed that 61 percent of businesses experienced a cyberattack in fiscal year 2017 and 54 percent experienced a data breach. Without protection, you're effectively flipping a coin with your business.
- According to Small Business Trends, 43 percent of cyberattacks are aimed at small businesses. We would like you to keep in mind the size of the population compared to the number of small businesses in existence. This is a targeted campaign you're dealing with.
- According to the Verizon Data Breach Investigation Report, the majority (58 percent) of malware attack victims are small businesses.
- Cybersecurity Ventures estimates that by the end of 2019 there will be an attack on small businesses every 14 seconds. We also can only expect the rate to go up as more criminals and criminal organizations turn to cybercrime.
- According to Kaspersky Labs, in 2017 about 26 percent of ransomware attacks targeted businesses. This is especially alarming for small businesses due to the data contained on their devices. An individual user might lose some important files and photos, but a business can lose nearly everything and then some.
- The 2018 Symantec Internet Security Threat Report also sees a vulnerability regarding the Internet of Things, as there was a 600 percent increase in the attack rate on devices related to the IoT. You might want to be careful about the vulnerabilities created by devices in your office.
- In 2017 Ponemon conducted a poll which showed that 70 percent of organizations believed that their security risk increased dramatically that year.
We would like to note, however, that these statistics don't spell certain doom for your business. They are only trends, and you and other business owners can break them. Your actions and preparations can clearly impact your risk level.
The Costs of Poor Cybersecurity
A successful cyberattack or data breach involving your business can cost you millions of dollars, which could bankrupt your business. Here are some more specific numbers on what lax practices can cost you:
- A joint study from IBM Security and the Ponemon Institute states that the average cost of a data breach globally is $3.86 million. The cost of each stolen record averages $148. Consider how many records or pieces of sensitive information you are currently protecting.
- The same study notes that the average cost of a data breach for a U.S. company is $7.91 million.
- A 2018 report from McAfee states that cybercrime currently costs the global market over $600 billion a year.
- Cybersecurity Ventures notes that the total cost of cybercrime is likely to hit about $6 trillion each year by 2021. To put this number into perspective, this is more than the 2018 nominal GDP of Japan.
Where, When, and How
While your small business is a likely target, how do these attacks occur and what targets are used specifically? What are the more precise factors involved and what types of attacks might you expect? Once you know these facts, you can devote your time and energy to meet cyberattacks head-on:
- Mobile malware is a growing threat, and Symantec's Internet Security Threat Report for 2018 states that the number of new variants for malware increased by 54 percent over 2017. As smartphones become more advanced, their value to cybercriminals increases, smartphones connected to business accounts especially so.
- Computer World notes that Windows is the most targeted OS and that 98 percent of mobile malware targets Android phones. We recommend you choose your business' devices and prepare them with this in mind.
- Javelin Strategy and Research released a study that noted that there were 16.7 million victims of identity theft. While your business isn't a direct target of identity theft, you should note that small businesses are often how identity thieves get their information.
- According to Symantec, in 2017 cybercrime activity related to coin mining increased by over 34,000 percent, in an astonishing trend that seems likely to slow down due to the cooling off of the market but is still a major consideration. For the most part, cybercriminals will be seeking to steal your computers' processing power, effectively damaging the performance of your equipment.
- The Verizon Data Breach Investigation Report indicates that 92.4 percent of malware is delivered via email. To protect your business, email security and email security investigation are vital.
- According to Wipro, health care was the most targeted sector of all industries, with 40 percent of breaches. The trend is upwards, as cybercriminals are further realizing the potential profits to be made from health records and similar files.
- Another factor to consider is dwell time, which is the time a cybercriminal has access to your systems before being flushed out. In the Americas, the 2017 dwell times averaged 75.5 days according to FireEye. In this period, a cybercriminal would easily be able to gain access to everything and start to notice patterns about your business, opening it up for future exploitation.
- FireEye also notes that businesses that were targeted successfully previously were often attacked again the next year. Cybercriminals remember easy marks.
- Fileless attacks, against which virus scanners and other types of protection aren't as useful, are becoming more prevalent. Ponemon estimated that fileless attacks would comprise about 35 percent of all attacks in 2018.
It should be noted that while these are the current trends, a change in the market or a breakthrough in either cybercrime or cybersecurity (and the two are heavily related from a research standpoint) can create a new set of targets, so keep up to date on these statistics.
The Human Element
Unless every employee is trained in proper cybersecurity practices, your entire business is at risk. Most cybercrime doesn't necessarily occur through hacking and computer work as shown in the movies. Consider most cybercriminals one part hacker and two parts con artist, using social engineering and confidence tactics to get inside your company. Here are a few more statistics on the matter:
- According to the 2017 Verizon Data Breach Investigations Report, insiders (whether malicious or neglectful) are responsible for about 25 percent of data breaches. This number is far too high when you should be able to trust employees to act in your business' best interest. Be wary of disgruntled or soon-to-depart workers.
- The same report notes that weak or stolen passwords (nearly always a preventable occurrence) were responsible for over 80 percent of the hacking-related breaches that took place.
- According to Wombat Security, 76 percent of businesses reported phishing attacks happening within the last year. These are the attacks most likely to involve your employees and human error, and they're bound to happen to your business at some point.
- The 2018 PwC report notes that only 53 percent of businesses require employees to be trained on privacy policies.
- The 2017 SMB Ponemon survey reports that 60 percent of small businesses are finding that attacks are becoming more sophisticated. This means your employees will need to be able to match this and become aware of these advanced tactics.
The best way to train your employees will depend on their learning styles, the size of your business, and a variety of other factors. Simply make it your main goal not to neglect new team members regarding this matter as they come in.
It's possible you might be wondering how your business can possibly protect itself at this point, but you should know that there absolutely are options to protect yourself and strategies you can use to make sure your business thrives and doesn't become another cybersecurity statistic.
You likely have a few of these steps in place already, but here are a few things you can do to start making your business safer online:
- First off, you'll have to deal with the human error factor before anything else. If your employees can be conned, there is nothing else you can do and it's only a matter of time until you're dealing with a data breach. Create an action plan and train your employees until basic vigilance regarding cybersecurity is second nature.
- Make sure your websites, data centers, computers, smartphones, and other devices have the proper protections in place. Freeware isn't the way to go here, and there are plenty of affordable options to protect your digital assets if you take the time to look for them.
- Secure WiFi networks and devices, and be wary of things such as bring your own device policies that can bring in malware or threats to your business under the radar. Effectively, minimize the potential for programs and files to get through your other defenses via human delivery (intentionally or unintentionally).
- The previously mentioned FireEye report notes that breaches discovered internally had a far shorter average dwell time than breaches first discovered externally. You need to be regularly scanning and monitoring your data, noticing any anomalies. A bit of preparation now can save your business a great deal of trouble in the long run.
- Don't be complacent in your current measures. Even if you already have systems in place, you're going to need to adapt them regularly. When was the last time you checked if your business' antivirus solution was the best choice? Whether the scams you're preparing for are actually used by cybercriminals today?
The above strategies don't cover everything you need to do to protect your small business. That would require not only an article all its own but a book. To protect yourself, we cannot stress enough (and we will repeat this several times) the research and work required on either your or an IT professional's part to keep your business safe. It's an investment, but a necessary one.
We would also like to note that every business is unique and will have unique cybersecurity needs. As such, you won't be able to give yourself a few blanket protections and call it a day. Instead, you will either need to combine your knowledge of how your business operates with detailed research or otherwise bring in a professional (and then listen to them).
These statistics can be alarming, but we would be more concerned if you didn't find them alarming. The web is getting increasingly dangerous for the unaware and cybercrime is getting more profitable over time. Remember that in most cases cybercriminals will go after the weakest target or a weak point in your business. If you take the steps required to protect yourself and your business, you will be able to conduct business without fear.
We recommend creating an action plan or hiring a cybersecurity expert, depending on the size of your business. We also encourage you to educate yourself on further cybersecurity matters (any advice given here is the tip of the iceberg) and to keep up to date with developments as well. The cybercriminal element never rests for long, and you will need to remain vigilant.
We hope that the above information allows you to better protect yourself through 2019 and beyond, and we encourage you to have discussions on the topic and share this with your friends and partners. If the people around you are safer online, you will be safer as well.