Cybersecurity Study: 40% of SMB Websites Are Attacked Monthly

The Sectigo “Website Security and Threat Report” reveals vulnerabilities, impact of breaches and cybersecurity spending trends for SMBs.

ROSELAND, N.J. — A new study by cybersecurity provider Sectigo reveals that 20% of small-to-medium-sized businesses (SMBs) have experienced a breach in the past year, even though nearly three-fourths believe their companies are mitigating risks effectively.

The new report details this perception gap, along with methods and frequency of SMB website attacks, the impact of breaches, security technologies in use, and expected website security spending for 2021.

In its inaugural “State of Website Security and Threat Report,” Sectigo surveyed more than 1,100 website security decision makers at SMBs and found that a significant number of businesses do not feel they are vulnerable to online threats, with 48% of respondents indicating that their business is “too small to be the target” of an attack.

Among the findings:

  • Half (50%) of SMBs surveyed have experienced a website breach at some point, with 20% reporting a breach in the last 12 months. Yet nearly half perceive their business as too small to be the target of a cyberattack, and 73% believe they are effectively mitigating risks.
  • More than 40% report a range of attacks targeting their website on a monthly or more frequent basis, with malware injection, data breaches, and brute force login attempts leading the list of attack vectors.
  • The majority of SMBs surveyed don’t believe they are vulnerable to online threats unless they have recently experienced an attack. Fifty-eight percent of SMBs who have recently experienced a breach feel their business is “vulnerable” or “very vulnerable,” compared to 30% of those who have not recently had a breach considering their business to be “vulnerable” or “very vulnerable.”

Lost Revenues, Customers, Time and IP

Of the SMB survey respondents who experienced a breach in the past year, only 3% reported “no impact” to their business due to the breach. Twenty-eight percent reported “severe” or “very severe” consequences stemming from a cyberattack — with 60% experiencing a website outage and more than a third incurring revenue loss.

Malware scanning and remediation, firewalls and website backup tools are the most common website security technologies SMBs use to protect their websites. While 94% of SMBs surveyed already use at least one type of security product or service to protect their websites, 37% of those who experienced an attack in the past year concede that they had some form of website security in place at the time — further underscoring the need for better or additional website security.

Making Security a Priority in 2021

Attack frequency and severity have many SMBs increasing spending. Eighty-one percent of respondents believe cyberattacks will become more sophisticated, and 75% believe attacks will occur more frequently in 2021. More than 72% of respondents say they collect or store sensitive data through their website, and half say that a website outage would have a serious impact on their business.

“As SMBs increasingly digitize their operations, their websites become mission-critical for communicating with customers and conducting business,” explains Michael Fowler, president of Partners and Channels, Sectigo. “No business is too small a target. Attacks continue to evolve, and hackers are increasingly resourceful, making it critical for SMBs to invest in multi-layered solutions that stay ahead of ever-changing threats.”

The study found that 60% of SMBs currently spend $500 per month or less on website security, with nearly half of all respondents planning to increase website security spending in 2021. The SMBs that have not experienced a recent breach plan to make modest increases, while those breached in 2020 expect to boost their spending by nearly 30% in 2021 (from 31% to 40% of their overall website budget).

“Companies are advancing their security posture are taking a wise step toward protecting their brand, data, and revenues by warding off website outages, ransomware and more. While security spending increases are promising for SMBs, businesses must be thinking beyond their SSL certificates. Today’s automated, all-in-one web security suites are helping SMBs tackle website monitoring, remediation, performance, and recovery with little effort, ensuring business continuity,” says Sectigo  CMO Jonathan Skinner.

The report is based on a global web-based survey of 1,167 website security-decision makers at companies with fewer than 500 employees. Respondents represent organizations spanning a range of industries, with a primary emphasis on technology, retail and financial services. The survey was conducted in this past November.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Tagged with: Cybersecurity News Research

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters