In one survey of small- and medium-sized enterprises, most respondents were citing inadequate cybersecurity measures despite cyber risk awareness.

In a survey of 1,150 small- and medium- sized enterprises (SMEs) across the US, Germany, the UK and Singapore, 22% of respondents felt that they were adequately prepared for a cyberattack, and only a minority had internal cybersecurity specialists or were working with a third party for such security.

In Singapore, 66% of the respondents did not mandate their remote employees to go through added security training measures, despite data showing that organizations in the country were being attacked 1,269 times per week on average in the last six months.

The report for the survey asserts that SMEs are one of the most recurrent targets of cyberattacks even though their investments in cybersecurity continued to be placed on the back burner, as cited by respondents. Two of the biggest impacts that cyberattacks have had on SMEs include lost revenue (28%), and the loss of customer trust (16%).

Finally, the report states that methods used in cyberattacks had evolved drastically, giving rise new exploits like double and triple extortion ransomware attacks.

According to Muhammad Yahya Patel, Lead Security Engineer, Check Point Software Technologies Ltd., which commissioned the survey: “Ransomware gangs were typically less organized than other groups up until a couple of years ago. Now they are becoming far more considered and steadfast in their approach, exploiting large-scale vulnerabilities and executing double and triple extortion to settle their demands.”

In today’s technology space where the majority of organizations have embraced remote-working and fast tracked the adoption of cloud, mobile, and SaaS technologies, human errors and negligence are some of the most common way for hackers to get into SMEs’ systems.

The firm asserts that, while it seems counter-intuitive to spend more money on additional staff training and security measures in today’s recessionary climate, the increasingly high costs associated with the outcomes of a cyberattack can be devastating.