Cyber Security Readiness: Perception vs. Reality

Does the Technology Platform Matter When Evaluating a New IT System?

When we read about large-scale security breaches in the news, they usually involve companies such as Target, Sony, and HBO. So, it is easy to assume that these types of breaches are just a big company problem. This has lulled many smaller companies into a false sense of security, believing that their organizations aren’t viewed as desirable targets for the hackers.

Unfortunately, that is just not true. Smaller organizations, especially those in the middle market space, are being hacked every day. As a matter of fact, given that there are thousands of mid-size organizations, often with rather limited IT resources, these companies are the most frequent targets of hacks and information theft.

Recent studies have highlighted the differences between business owners’ perceptions and the realities as it relates to cyber security in the middle market.

Perceptions:

  • Two-thirds believe their company is safe from cyber attacks.
  • The majority are not concerned about hackers, cyber criminals, or even employees stealing their data.
  • Close to half believe a data breach will not have an adverse impact on their business.
  • The majority believe their clients and suppliers would be understanding if a breach occurs.
  • Because of these factors, most do not conduct ongoing employee cyber and information training.

Realities:

  • Most data breaches and information exposures occur as a result of an employee making a mistake with their email and Internet practices.
  • The majority of data breaches target smaller organizations.
  • Over half of smaller organizations hit by a data breach cease operations six months after a major cyber attack.
  • The average cost of a data breach to a smaller organization is over $3 million dollars
  • There have been significant increases in lawsuits brought against companies that have not properly safeguarded their clients’ and suppliers’ sensitive information.

In order to make sure you have taken the proper steps to better protect your organizational assets, it’s important to conduct a periodic assessment of your vulnerabilities, identify potential risks, and develop effective mitigation strategies. It is only through continuous effort that you can become a more cyber security-ready organization.

Sassan S. Hejazi can be reached at shejazi@kmco.com or 215.441.4600.

Subscribe to Kreischer Miller's email newsletter

You may also like: