Over half of Financial SMBs say they don’t have time to understand cybersecurity

This is despite financial services being most likely to be targeted, with 24% reporting being targeted on multiple occasions

As the number of cyberattacks around the world increases, the public grows more aware of what these incidents mean for their personal data. As a result, the pressure on organisations to protect customer data and defend against attacks is mounting. Employee behaviour has a significant impact on cybersecurity postures, with stress having a particularly negative effect. A recent study by Webroot found that 74% of SMBs in the financial sector believe that stressed workers are putting their business at more risk, while stress in the financial sector is the highest it’s been since the 2008 financial crisis.

Financial services organisations hold and process a vast quantity of sensitive data and this report raises concerns on how well these businesses can defend against attacks. Stressed and time-poor employees are more likely to make mistakes and click malicious links, putting the organisation at risk.

Luckily, the level of investment that SMBs make in cybersecurity is growing. The report found that over half (54%) of SMBs within the financial sector devote more of their annual turnover (6%-20%) to cybersecurity spend compared to other industries. However, this investment may not be enough to make up for human error, which can be exacerbated in high-pressure environments.

To protect against attacks, SMBs must first identify the factors that can lead to a data breach, such as overworked employees and a lack of cybersecurity education and awareness across departments.

Highlights from Webroot’s financial SMB research:

  • 74% say that stressed workers put their business at more risk
  • 78% believe their business is at risk due to employees’ lack of security knowledge
  • 51% say a data breach would put their business at risk of closure
  • 61% say profits would take a hit as a result of cybersecurity incidents
  • Yet, 65% believe their small size helps them react quicker to industry or political change, creating an opportunity for SMBs to lead the market

To ensure a robust cybersecurity posture, Webroot has created a list of cybersecurity tips for FS SMBs, designed to reduce risk and increase compliance in an increasingly regulated financial sector:

  • Always educate. Security awareness training can’t be a simple tick-box activity for SMBs. It needs to be continual, so cybersecurity stays top-of-mind and user error is minimised. Attention also needs to be paid to the method of delivery. Micro learning, or short courses about five to ten minutes each, is a best practice among e-learning specialists when it comes to information retention and attention span.
  • Take a layered approach. SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers exploit to compromise businesses.
  • Know the signs. Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
  • Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or ask your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
  • Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.

Attacks on financial services SMBs can disrupt an organisation to the point of bankruptcy. To help combat this, both prevention and protection must be put in place – online and in the form of employee training to increase awareness of attacks such as phishing. Organisations must also put processes in place to mitigate risky employee behaviour at times of high stress. This approach reduces the risk of a successful cyberattack, ultimately protecting financial organisations and their customers’ valuable assets.
