With the recent breach of consumer credit reporting agency Equifax, the growing threat of cyber attacks and data breaches looms over consumers and businesses alike. The average cost of a single breach for small businesses averages to about $70,000, and businesses at the enterprise level can expect an average cost of over $850,000.

[REITS]

While constant news of cybercrime may not inspire everyone’s confidence in the state of online security, businesses are as sure as ever about their ability to handle these crises. In fact, a recent survey estimates that 87% of businesses in the U.S. and U.K. are confident in their cybersecurity.

But is that level of confidence misplaced? In a recent survey from Solarwinds MSP conducted among U.S. and U.K. businesses, we can learn the perspectives of businesses to draw that conclusion. This survey, taken from 400 organizations split across small and enterprise businesses, provides a balanced composite of what businesses think about cybersecurity.

How commonplace are cybersecurity incidents?

Six out of ten of businesses surveyed believe that they’re more safe today than a year ago. Additionally, roughly the same amount of respondents expect their preparedness to only improve next year. While businesses are generally implementing better measures to protect their data, how does this growth keep pace with breaches and attacks taking place?

Within the past year, businesses have encountered DDoS and fraud attacks (31%), malicious insider attacks (31%), and ransomware attacks (28%). Between all of these incidents, a total of 71% of businesses responded to the survey by acknowledging that their organization had dealt with some form of cybercrime. This number is a staggering increase from the survey’s prior figure of 29%.

Understanding security pitfalls

For some businesses, confidence in the face of being a target of cybercrime makes sense, because reports of cybercrime are known to spur businesses to action in increasing their preparedness through new and improved measures. But not everyone is following suit — only 44% of businesses rolled out new tech in response to a breach within the last year.

Through the survey, follow-up questions revealed patterns of common pitfalls that businesses have failed to address. 68% do not have a security policy in place, or have a policy which they do not apply or enforce through audits. Less than a fifth have not prioritized user awareness training to reinforce those standards.

Less than a third of respondents would consider their security to be “robust”; the survey’s consensus is that the time it takes to detect, respond, and resolve cyber incidents has grown for a significant number of businesses.

Are Businesses Too Confident About Cybersecurity?

While major security incidences — as in the case of Equifax — might cast a spotlight on how serious the threat of poor cybersecurity can be, a central takeaway of this survey is that businesses are generally not responding to that threat with an appropriate degree of caution. While confidence can be positive, it is important that confidence is informed by certainty that your organization is doing everything possible to safeguard its data.

For more information from this survey, view the infographic below:

Are Businesses Too Confident About Cybersecurity IG