When I was much younger I used to be a huge fan of Mad Magazine. I couldn’t wait for each new issue to hit the newsstand where the intellectually uncurious mascot and cover-boy Alfred E. Neuman would grace the cover in some sort of satirical portrait of a topic du jour in popular culture, politics or current events. Fans of Mad Magazine will also remember Alfred E. Neuman’s famous motto – “What, me worry?”
I haven’t given much thought to Alfred E. Neuman for quite some time but surprisingly his gap-toothed grin was one of the first images that came to mind after I read a recently published report, the “2012 NSCA/Symantec: National Small Business Study”. In this report, 1,015 small- and medium-sized businesses with 250 employees or less were surveyed about their cyber-security practices and this yielded some interesting results. Some of the findings and highlights of the report concluded that:
1. SMBs are increasingly dependent on the Internet.
- 87% have 1 or more employees who use the Internet for daily operations
- 71% say their business is somewhat or very dependent on the Internet for day-to-day operations
- 55% say a loss of Internet access for 48 hours or more would be disruptive
2. SMBs say that a safe and secure Internet is important to their business.
- 73% say a safe and secure Internet is critical to their business’s success
- 44% agree that their customers are concerned about the IT security of their business
- 77% think having a strong cyber-security and online safety posture is good for their company’s brand
Considering the fact that most SMBs placed such a high degree of importance on the Internet for their business, this survey also yielded some surprising results in terms of how they secure their business:
3. The majority of SMBs have no Internet Security policies or procedures.
- 87% do not have a formal written Internet security policy for employees
- 75% do not have policies for employee social media use on the job
- 83% have no formal cyber-security plan
4. SMBs have little or no contingency plans for responding to security incidents and breaches.
- 59% do not have a contingency plan for responding to or reporting a data breach loss
Given these contradictory report findings you would think that SMBs would be concerned about their potential exposure to cyber-threats. Well think again – according to the report…
5. Most SMBs are apparently satisfied with their online safety posture despite having no cyber-security policies or plans in place.
- 86% of SMBs are satisfied with the amount of security they provide to protect customer and employee data
- 83% of SMBs believe that they are doing enough or making enough investments to protect customer data
- 77% of SMBs think that their company is safe from hackers, viruses, malware or cyber-security breaches
There is some irony in the timing of this report considering it was released during Cyber Security Awareness Month. Based on the report findings it’s evident that not only is increased awareness required but that most SMBs are also in serious need of a reality check when it comes to understanding the type of efforts and resources required in order to be truly prepared for a cyber-attack. According to the U.S. Bureau of Labor, 93% of companies that suffer a significant data loss are out of business within 5 years, however nearly half of the surveyed SMBs believe a breach will have no impact to their business.
Don’t let Alfred E. Neuman be the inspiration for your cyber-security practices. It’s time for SMBs to move away from a “What, me worry?” to a “Yes, me worry!” mindset and start taking the necessary precautions to safeguard their data and protect their critical network infrastructure and IT assets.
Get proactive about security by downloading our free white paper, Planning Security Budgets: Quantify the Financial Risk of DDoS, from Arbor Networks. Or watch the DDoS Attacks Video Series with Craig Deveau.