Cyberattacks Surge on US Small Businesses, 82% Boost Security Budgets

A recent report reveals a surge in cyberattacks on US small and medium-sized businesses, prompting 82% of leaders to increase cybersecurity budgets. However, the report highlights the need for qualitative investments in policies, education, and culture to effectively combat these attacks.

author-image
Trim Correspondents
New Update
Cyberattacks Surge on US Small Businesses, 82% Boost Security Budgets

Cyberattacks Surge on US Small Businesses, 82% Boost Security Budgets

A recent report by LastPass and InnovateMR reveals a disturbing increase in cyberattacks targeting small and medium-sized businesses (SMBs) in the United States. The report found that 82% of surveyed business leaders have increased their cybersecurity budgets in response to the growing threat. However, it also highlights the need for qualitative investments in cybersecurity policies, employee education, and organizational culture to effectively combat these attacks.

Why this matters: The surge in cyberattacks on SMBs poses a significant threat to the entire economy, as these businesses are the backbone of the US economy and a critical part of the supply chain. If left unchecked, these attacks could lead to widespread data breaches, financial losses, and disruption to critical infrastructure.

The surge in attacks on SMBs can be attributed to their resource constraints and often lax cybersecurity measures, making them easier targets for cybercriminals. Additionally, SMBs are being targeted as entry points to infiltrate larger organizations farther up their supply chains. The survey, which included 633 US-based leaders at small businesses (10-499 employees) and mid-sized ones (500-2,999 employees), uncovered some concerning disconnects within these organizations.

While 92% of executives and 93% of IT leaders believe employees understand security expectations, only 78% of non-IT leaders feel the same, indicating a misalignment among different groups within companies. Even more alarming, "one in five business leaders and one in 10 IT security leaders" admitted to circumventing their own security policies. Younger workers, particularly those in Gen Z, are more likely to violate cybersecurity protocols, with "36% of Gen Z professionals" admitting to writing down passwords.

To address these issues, the report recommends that leaders make qualitative investments in cybersecurity policies, employee education, and organizational culture. Alex Cox, Director of Threat Intelligence for LastPass, emphasizes the importance of understanding a company's crown jewels, potential attackers, and most likely threats. The report also suggests that leaders across an organization should consult together to determine the true level of employee understanding and achieve organization-wide compliance with cybersecurity policies.

Implementing a balanced approach of stronger incentives for compliance and stricter consequences for violations can help improve adherence to cybersecurity protocols. The report also advises simplifying processes for temporary policy exceptions to help employees complete important work without resorting to dishonest measures. As Cox states, "Leaders should spend more time making qualitative investments to improve cybersecurity, including policy, education, and culture."

The surge in cyberattacks on SMBs in the US serves as a stark reminder of the importance of robust cybersecurity measures and a strong cybersecurity culture within organizations. As businesses continue to increase their cybersecurity budgets, it is crucial that they also focus on qualitative investments in policies, education, and culture to effectively protect themselves against the growing threat of cyberattacks.

Key Takeaways

  • 82% of SMB leaders increased cybersecurity budgets due to growing threats.
  • Cyberattacks on SMBs pose a significant threat to the entire US economy.
  • SMBs are targeted due to resource constraints and lax cybersecurity measures.
  • Disconnects exist between executives, IT leaders, and non-IT leaders on security expectations.
  • Qualitative investments in policies, education, and culture are crucial to combat cyberattacks.