Indian SMBs least prepared for cyber-breaches: ESET

According to a survey report by cybersecurity software developer, ESET,  73% Indian SMBs experienced the highest rate of cybersecurity breaches within the past 3 years, despite high cybersecurity awareness among employees. In comparison to India, the report stated that cyber-breaches in small and mid sized businesses of Hong Kong stood at 61%, Singapore at 54%, Thailand at 53% and Japan at 29%. The report claims that 22% of SMBs in general cited employees using non-company devices to access the company network as being the biggest cybersecurity challenge and 19% stated that risks from third-party service providers and suppliers is also a major concern. The report stated that smaller businesses also had smaller budgets for cybersecurity, as funding was most often cited as the key challenge they faced. On the other hand, mid- and large-sized SMBs were less likely to share this concern, with only 12% and 10% respectively highlighting this as the key challenge they experienced. Despite this, the survey showed that 77% of SMBs in India had cybersecurity awareness programmes in place to educate employees, the highest among the Asia Pacific (APAC) nations surveyed, including Thailand at 71%, Singapore at 66%, Hong Kong at 56% and Japan at 24%. Indian SMBs were also most likely to have standard procedures in place for network security, with 81% of SMBs already having this in place. This could suggest that while SMBs had cybersecurity measures in place, they may not be effective enough to protect the businesses from cyberattacks. Given that 83% of Indian SMBs indicated that their companies should be investing more in cybersecurity, the highest rate in the region, SMBs should allocate their funds wisely to secure the most critical areas. When it comes to challenges or barriers to ensuring cybersecurity, 40% in Thailand believe that shortage of qualified security personnel seems to be a big challenge. On the other hand, 35% in India state that companies are more worried about emerging technologies which are acting as roadblocks. “With cybercriminals and cyber threats becoming increasingly sophisticated, SMBs need to look into stronger cybersecurity tools and measures to protect their digital assets,” said Parvinder Walia, Sales and Marketing Director for Asia Pacific and Japan, ESET.
“Cybersecurity measures such as two-factor authentication can add an extra layer of security and provide businesses with a boost in protection, even if the first line of defence has been compromised.”
The survey polled 1,500 respondents with 300 respondents from small and medium businesses in each of the following markets: Singapore, Hong Kong, India, Thailand and Japan. The latest findings from ESET mirror the data on the overall perceptions and activities around cybersecurity for the region. The study states that businesses in the region appear to be stepping up efforts in the fight against cybercrime, given that a majority of businesses, regardless of size or market region, reported utilizing cybersecurity solutions such as antivirus software and firewalls. It also suggests that Businesses, particularly the small- and medium-sized ones, must start looking at cybersecurity seriously.

Suggested solutions

Exploring more sophisticated cybersecurity solutions: The majority of SMBs in the region have basic cybersecurity solutions in place. 82% of businesses have antivirus software installed and 78% have firewalls to stop unauthorised access to their network. However, 54% of businesses are still experiencing a breach. Imposing better security for personal devices: Other than Japan, the BYOD culture is accepted and sometimes even encouraged in most markets across the region. In fact, this is one of the main challenges that SMBs are facing. Unfortunately, only 59% have a cybersecurity awareness program to educate employees. This is a bigger challenge in smaller SMBs as only 35% have such programs. SMBs need to set up communications policies in event of breach: It is important to look at how to prevent breaches from happening but it is equally important to deal with the aftermath of a breach. 34% of businesses in the region are still looking only at informing customers if they felt that the information was at risk. More alarming is that 19% wouldn’t even inform their customers unless asked.