A new study by Cisco titled Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense shows that small and medium-sized businesses (SMBs) in India are exposed, under attack, and more worried about cybersecurity threats than before.
According to the study, three in four (74 percent) SMBs in India suffered a cyber incident in the past year, resulting in 85 percent losing customer information to malicious actors, in addition to a tangible impact on business.
More than half (62 percent) of SMBs in India that suffered cyber incidents in the past 12 months said that cyber-attacks cost their business more than Rs 3.5 crore. Of these, 13 percent say that the cost was over Rs 7 crore.
The study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia-Pacific region.
The survey highlighted that SMBs saw several ways in which attackers tried to infiltrate their systems. In India, malware attacks, which affected 92 percent of SMBs, topped the charts, followed by phishing (76 percent). 38 percent of those that suffered incidents said that the number one cause was not having cybersecurity solutions. Meanwhile, 36 percent ranked cybersecurity solutions not being adequate to detect or prevent the attack as the number one reason.
Besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (73 percent), employee data (71 percent), intellectual property (74 percent), and financial information (75 percent). In addition, 73 percent of those said it disrupted their operations, 76 percent admitted it negatively impacted their reputation, and more than half (70 percent) said it resulted in a loss of customer trust.
However, SMBs are rising to the challenge. The study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.
"As they digitize, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cybersecurity," said Panish PK, Managing Director - Small Business, Cisco India & SAARC.
"However, given that they typically operate with limited resources and smaller teams, simplicity is the key to successful security deployments. According to the study, most SMBs (97 percent) feel that they have too many technologies and struggle to integrate them. At Cisco, we're committed to working with India's small and medium-sized businesses to help simplify and fortify their threat response and ensure infallible safety of their employees, assets, and customers."
Conquering fear with preparedness
Cisco's study found that while SMBs in India are more worried about cybersecurity risks and challenges, they are also taking a planned approach to understand and improve their cybersecurity posture through strategic initiatives.
According to the study, 89 percent of SMBs in India have completed scenario planning and/or simulations for potential cybersecurity incidents in the past 12 months. The majority have a cyber response (91 percent) and recovery plans (92 percent) in place.
SMBs are also increasingly aware of where their biggest cyber threats come from. The research highlighted that phishing (50 percent ranked it #1) is seen as the top threat by SMBs in India.
The good news is that SMBs are ramping up their investments in cybersecurity, with almost half (44 percent) of Indian SMBs having increased their security investment since the start of the pandemic by more than 5 percent.
These investments are well distributed across areas such as cybersecurity solutions, compliance or monitoring, talent, training, and insurance, suggesting a strong understanding of the need for a multi-faceted and integrated approach to building a robust cyber posture.
The report highlights five recommendations for organizations of all sizes to improve their cybersecurity posture given the ever-changing landscape. They include having frequent discussions with senior leaders and all stakeholders, taking a simplified, integrated approach to cybersecurity, staying prepared through conducting real-world simulations, training and educating employees, and working with the right technology partner.