Despite the growing number of attacks, SMBs still demonstrate a lax approach to their security practices, with only half of such companies investing in file encryption storage, according to cybersecurity company NordLayer.

As many as 35.6% of SMBs reported falling victim to phishing attacks last year

NordLocker research also showed that while the overall number of ransomware attacks may be decreasing, the rate of successful ransomware attacks is on the rise. This indicates that despite efforts to combat these threats, cybercriminals are becoming more adept at executing successful attacks.

In 2022, a staggering 35.6% of SMBs surveyed reported falling victim to phishing attacks. These attacks often involve deceptive emails or websites that steal sensitive data, can encrypt a company’s information, and have severe consequences for businesses. The only way to prevent these attacks is constant education for employees because they must learn to recognize these threats.

It is concerning to note that a mere 50.5% of small and medium-sized businesses (SMBs) offered cybersecurity training to their employees in the previous year. This statistic highlights a significant gap in the awareness and preparedness of SMBs when it comes to protecting themselves against cyber threats.

"Unfortunately, the survey also found that only 44.8% of SMBs have plans to implement cybersecurity training this year. This statistic underscores the need for increased awareness and education to help employees identify and mitigate potential cyber threats, as the human factor causes most cyberattacks," said Aivaras Vencevicius, Head of Product for NordLocker.

The survey also revealed that 54.6% of SMBs currently utilise encryption services. Encryption plays a crucial role in protecting sensitive data from unauthorised access. Without this protection, businesses are vulnerable to cyber-attacks and are at risk of devastating financial and reputational damage.

The first step in protecting company data — encryption

In today's digital landscape, the importance of encryption for businesses cannot be overstated. Encryption serves as a vital safeguard, protecting sensitive data from unauthorised access and potential breaches.

Vencevicius notes that as businesses increasingly rely on technology to store, transmit, and process valuable information, such as customer data, financial records, and trade secrets, the risk of cyberattacks and data breaches becomes ever-present. Encryption ensures that this data is transformed into an unreadable format, making it virtually impossible for hackers or unauthorised individuals to decipher and exploit.

While large companies have the resources to avoid the consequences of cyberattacks, SMBs need to recognise the potential consequences of neglecting cybersecurity investments. A single cyberattack can cripple a company, leading to financial losses and potentially even bankruptcy.

Methodology: NordLayer surveyed 500 companies in three countries: the United States, the United Kingdom, and Canada. The external agency SAGO conducted the surveys between March 15 and 25, 2023. Respondents were asked a set of questions about cyber incident costs and allocated budgeting for IT and security in the period of 2022-2023. The samples were taken from non-governmental organisations operating in the services industry, and the target respondents were decision-makers (sole or partial) for IT-related acquisitions. Companies were divided into three main groups based on size: 1-10 employees (small), 11-200 employees (medium), 201+ employees (large).