Preventing website attacks isn’t always top of mind for small-to-medium-sized businesses (SMBs), despite the critical role security plays in their success. A new study by Sectigo®, the “State of Website Security and Threat Report”, reveals that 20% of SMBs have experienced a breach in the past year alone, even though nearly three-fourths believe their companies are mitigating risks effectively. The new report details this perception gap, along with methods and frequency of SMB website attacks, the impact of breaches, security technologies in use, and expected website security spending for 2021.
In its inaugural State of Website Security and Threat Report, Sectigo surveyed more than 1,100 website security decision makers at SMBs and found that a significant number of businesses do not feel they are vulnerable to online threats, with 48% of respondents indicating that their business is “too small to be the target” of an attack.
Perception Battles with Reality
- Half (50%) of SMBs surveyed have experienced a website breach at some point, with 20% reporting a breach in the last 12 months. Yet nearly half perceive their business as too small to be the target of a cyberattack, and 73% believe they are effectively mitigating risks.
- More than 40% report a range of attacks targeting their website on a monthly or more frequent basis, with malware injection, data breaches, and brute force login attempts leading the list of attack vectors.
- The majority of SMBs surveyed don’t believe they are vulnerable to online threats unless they have recently experienced an attack. Fifty-eight percent of SMBs who have recently experienced a breach feel their business is “vulnerable” or “very vulnerable,” compared to 30% of those who have not recently had a breach considering their business to be “vulnerable” or “very vulnerable.”
Lost Revenues, Customers, Time, and IP
Of the SMB survey respondents who experienced a breach in the past year, only 3% reported “no impact” to their business due to the breach. Twenty-eight percent reported “severe” or “very severe” consequences stemming from a cyberattack—with 60% experiencing a website outage and more than a third incurring revenue loss.
Malware scanning and remediation, firewalls, and website backup tools, are the most common website security technologies SMBs use to protect their websites. While 94% of SMBs surveyed already use at least one type of security product or service to protect their websites, 37% of those who experienced an attack in the past year concede that they had some form of website security in place at the time—further underscoring the need for better, or additional, website security.
Making Security a Priority in 2021
Attack frequency and severity have many SMBs increasing spending. Eighty-one percent of respondents believe cyberattacks will become more sophisticated, and 75% believe attacks will occur more frequently in 2021. More than 72% of respondents say they collect or store sensitive data through their website, and half say that a website outage would have a serious impact on their business.
“As SMBs increasingly digitize their operations, their websites become mission-critical for communicating with customers and conducting business,” explained Michael Fowler, President of Partners and Channels, Sectigo. “No business is too small a target. Attacks continue to evolve, and hackers are increasingly resourceful, making it critical for SMBs to invest in multi-layered solutions that stay ahead of ever-changing threats.”
The study found that 60% of SMBs currently spend $500/month or less on website security, with nearly half of all respondents planning to increase website security spending in 2021. The SMBs that have not experienced a recent breach plan to make modest increases, while those breached in 2020 expect to boost their spending by nearly 30% in 2021 (from 31% to 40% of their overall website budget).
“Companies are advancing their security posture and are taking a wise step toward protecting their brand, data, and revenues by warding off website outages, ransomware, and more. While security spending increases are promising for SMBs, businesses must be thinking beyond their SSL certificates. Today’s automated, all-in-one web security suites are helping SMBs tackle website monitoring, remediation, performance, and recovery with little effort, ensuring business continuity,” noted Jonathan Skinner, Chief Marketing Officer at Sectigo.
The Sectigo State of Website Security and Threat Report is based on a global web-based survey of 1,167 website security-decision makers at companies with fewer than 500 employees. Respondents represent organizations spanning a range of industries, with a primary emphasis on technology, retail, and financial services. The survey was conducted in November 2020.
For more information, including overall study findings and key takeaways, download the Sectigo State of Website Security and Threat Report.