Cyberattacks targeting large retailers like Macy’s and Bonobos may dominate the headlines, but small and medium-sized businesses (SMBs) are equally vulnerable. Today’s attackers are focused on theft of user and customer data that can fetch a high price on the dark web, but recent research conducted by Sectigo shows that retail SMBs are dangerously overconfident in their cybersecurity stance. Too many retailers feel safe from attack — until it is too late. With the cost of breaches rising, closing the gap between perception and reality is critical for retailers.
The Security Perception Gap
Sectigo recently conducted a global, web-based survey of more than 1,000 SMB website security decision-makers to gauge their cyber-readiness. The results were concerning, showing that a staggering 60% of SMBs spend $500 or less per month on cybersecurity. While the dollar amount doesn’t tell the full story, it is a worrying indicator of the vulnerability of these businesses, which are viewed by attackers as easier targets than large organizations with dedicated IT and InfoSec teams.
One reason for this insufficient investment in security is that 48% of SMBs believe they are too small to be a target for cyberattacks — despite 50% of respondents indicating that they had suffered a website breach within the past year (28% categorizing the breach as severe). An overwhelming majority of SMBs (73%) indicated that they believe they are already effectively mitigating risks, vulnerabilities and attacks on their website — even amid this clear evidence to the contrary.
Worse, only 52% of retail SMBs indicated that they plan to increase website security spending in 2021, despite the critical role that websites play for today’s SMBs. In fact, retail SMBs reported lower usage of cybersecurity technology than other SMBs, underscoring the vulnerability of this vertical. This is concerning, particularly as retailers deal with large amounts of customer information relative to other industries.
Advertisement
The Cost of a Breach
The most recent IBM/Ponemon Cost of a Data Breach Report showed that the average total cost of a data breach in the retail sector is approximately $2.01 million — more than enough to put many small retailers out of business. In fact, some research has indicated that as many as 60% of SMBs that suffer a breach are forced to close their doors within a year, underscoring the potential risk.
Recognizing the threat, more than 40% of SMBs surveyed by Sectigo indicated that their websites are attacked on a monthly (or more frequent) basis. Furthermore, 81% said they believe cyberattacks will become more sophisticated in 2021, while 75% said they believe they will become more frequent and 72% said they believe their financial impact will become more severe.
While they may understand how dangerous the threat is, too many have an “it won’t happen to me” mindset.
Providing Simple Solutions
Retail SMBs understand that they will face new, multifaceted threats in 2021, but too many believe that they are equipped to face them. Unfortunately, many SMBs may not have the expertise to conduct the scanning, cleaning, monitoring, firewalling, reporting and other critical actions needed to effectively secure their websites against today’s threats, instead assuming that network firewalls, website backups and malware scanning technology are enough to keep them protected. Sadly, this is no longer the case.
Now more than ever, it’s important to show these SMBs that protecting their websites doesn’t need to be complicated. Sectigo’s research indicates that lack of time (35%), staff and resources (31%), budget (31%) and security knowledge (30%) are listed among the chief barriers to website security technology for SMBs. This underscores the need for strong partnerships with vendors that can effectively guide them.
It is critical to emphasize a holistic, end-to-end approach to security. A complete approach can ensure seamless integration and ease of use, making automation easier — removing the burden of managing and maintaining these tools. For retail SMBs, “set and forget” tools are ideal, leaving decision-makers free to focus on business operations while remaining confident that they are adequately protected.
Closing the Knowledge Gap and the Security Gap
The data is clear: retail SMBs are more vulnerable than they think, and the rising cost of retail breaches makes strong website security especially important.
Helping retail SMBs identify the tools that can protect their websites more effectively is key — especially when end-to-end and highly automated solutions are available. Retailers must make security a high priority, and today’s security market has made it easier than ever for SMBs to keep their websites and their customers protected.
As CIO of Sectigo, Ed Giaquinto oversees IT and support, leading initiatives around change control, onboarding, proof of concept (POC), customer communications, service and innovation in operational practices. He assumed the role in February 2019 following his role as Sectigo’s VP of Information Technology, where he led strategic planning and IT process development gleaned from 30 years in the IT industry. Giaquinto is a dynamic and transformational executive team member with significant experience working for top-tier firms in a wide range of industries including pharmaceutical, retail and Internet security.
