New ESET research finds small businesses incur big loses in data security breaches

ESET released its 2022 SMB Digital Security Sentiment Report, which surveyed over 1,200 cybersecurity decision-makers from SMBs in Europe and North America. And, the survey revealed that over two thirds of SMBs have experienced a data security incident in the past 12 months, incurring an average estimated cost of nearly €220,000.

Yet the top concern over the business implications of a cyberattack named by SMBs was loss of data (29%). While these decision-makers are concerned about the possible implications of an attack, 70% of businesses surveyed admitted that their investment in cybersecurity has not kept pace with recent changes to their operational models (e.g., hybrid working).

The latest ESET Threat Report data shows a 20% year-to-date increase in 2022 in threat detections compared to last year. As many as 83% of the polled businesses believe that “cyber-warfare is a very real threat that can impact everyone,” suggesting that the ever-growing threats are significantly affecting SMB sentiment. Also, 74% of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than enterprises.

Respondents identified the following top cybersecurity concerns for the next 12 months:

  • Malware (70% in total, statistically significant difference recorded in Sweden 50%)
  • Web attacks (67% in total, statistically significant difference recorded in Spain 87%)
  • Ransomware (65% in total, statistically significant difference recorded in Denmark 80%)
  • Third-party security issues (64%)
  • Distributed denial-of-service attacks (60%)
  • Remote Desktop Protocol attacks (60% in total, statistically significant difference recorded in Spain 79%)

Despite major global developments such as the war in Ukraine and continuing remote work arrangements post-COVID-19, SMBs identified the number one factor significantly increasing the risk of cyberattacks as the lack of cyber-awareness among their employees (43%). Other major factors include nation-state attacks (37%), vulnerabilities in the partner/supplier ecosystem (34%), continued hybrid working (32%), and use of Remote Desktop Protocol (31%).