Fully 93 percent of SMBs expect foreign adversaries to use small businesses as entry points to breach national security or wage cyber war in the coming year, a recent Zix-AppRiver survey of 1,049 cyber security decision makers at U.S. SMBs with fewer than 250 employees found.
Among larger SMBs with 150-250 employees, that figure jumps to 97 percent.
Seventy-nine percent of respondents (and 93 percent of respondents at larger SMBs) said potential cyber threats are a top-of-mind concern for their companies.
Seventy-two percent of respondents said a successful cyber attack would be harmful to their business, and 22 percent (32 percent of respondents at larger SMBs) believe there’s a high likelihood their business wouldn’t survive an attack.
“In 2019, we saw cyber attacks on our government trickle down from large agencies to smaller local municipalities and schools,” Zix CEO Dave Wagner said in a statement. “That follows the pattern we’ve seen in business, where attacks have expanded from big corporations to small and medium-sized businesses.”
“While these attacks can originate from anywhere, the survey data shows that SMBs believe foreign actors and even nation states may be targeting them as a first step toward access to larger companies or government agencies,” Wagner added.
In response, 62 percent of respondents (81 percent at larger SMBs) plan to increase their cyber security budgets in 2020. Key investments include cyber security technology (58 percent), security awareness training (57 percent), regular reviews of security defense (50 percent), hiring more in-house security talent (35 percent), and outsourcing more security tasks (30 percent).
Just 10 percent of respondents have no plans to improve their security in 2020.
Shopping and AI
In the meantime, 82 percent of respondents expect many of their employees to shop online this holiday season on a work device containing business and customer data. Notably, 32 percent of respondents didn’t know that doing so could present a security risk.
That’s true even in highly regulated industries like healthcare and financial services, where 78 percent and 92 percent of respondents, respectively, expect many of their employees to shop online using a corporate device.
In addition, 49 percent of respondents don’t think most of their employees would be able to spot a phishing attempt or a fake link posing as an online retailer – and among those, 4 in 10 don’t think they themselves could do so.
And while 88 percent of respondents said they’re considering AI adoption for their businesses, fully 68 percent of those respondents aren’t aware of any cyber security risks that could accompany its use – and 32 percent are aware of potential cyber security risks but are planning to move forward with adoption anyway.
“The latest survey results show that as businesses become more dependent on technology – with more planning the adoption of AI – and as global borders become blurred in cyberspace, increased cyber threats are expected to become a fact of life for all businesses, regardless of size or industry,” the report states.