While business owners have become increasingly concerned about cybercrime and the impact it can have on their business and customers, the majority of them have no plan in place should a breach of their security systems occur, according to a recent study by the software solutions company Software Advice.

In a survey of 385 SMB owners and decision-makers in October of 2014, Software Advice asked how prepared they were in the event of a threat or a breach, and interesting patterns evolved. Among the findings:

  • More than sixty-seven percent were moderately to extremely concerned about cybercrime attacks to their business;
  • About two-thirds (64 percent) did not have a plan in the event of a cyber-attack;
  • Only 33 percent were “extremely confident” in their understanding of their responsibility and liability in the event of a breach.

Considering that a 2013 analysis by Symantec found that SMBs are being targeted at an increasing rate, the study suggests that sterner measures and a more vigilant demeanor need to be adopted by these companies. The Symantec report found that SMBs are easier to target in that their lack of technical resources and expertise in cyber security make them vulnerable.

The reasons some SMBs were minimally or not concerned at all, however, is vague. According to the director of North American SMB sales at Dell Secureworks Jeff Multz, “…They have ignored [security] due to economics or due to a lack of understanding, and they are where the big companies were in 2003…”

When asked about security of sensitive data, similar patterns emerged as 73 percent were moderately confident or not at all confident that their data was secure. In addition, only a third responded that they understood their liability in the event of a security breach. Because many SMBs confuse a data breach with consumer fraud, they fail to realize they may bear the financial brunt of an attack. Costs associated with a breach have risen to over $3 million dollars per incident, up 15 percent from 2013.

To be better prepared in the event of a cyberattack, Software Advice suggests SMB decision-makers:

  • Consult with an attorney to understand legal consequences and liability issues
  • Develop a plan to prepare for a security breach and investigate pre-emptive measures that can be taken
  • Update security patches regularly
  • Use Best Practices when it comes to passwords, opening emails, and clicking on links

Businesses may also want to consider consulting with firms specializing in cybersecurity, many of which have security plans for businesses with as few as twenty employees.


eMarketer. “Are SMBs Prepared to Fight Cybercrime?” December 3, 2014.

Humphries, Daniel. “SMBs and Cybercrime Preparedness IndustryView 2014,” Software Advice, October 2014.