There's a bogus statistic that's been floating around for a long time stating that 2/3 SMBs go out of business after a #cybersecurity breach. While that particular stat is false, it's 100% true that SMBs are disproportionately impacted by security incidents. Here's a clip from the 2022 Information Risk Insights Study from @cyentiainst and CISA.
***
On the surface, the absolute costs of a typical or extreme loss event for large organizations exceed those of small companies by more than 10X. That’s certainly worth incorporating into enterprise cyber-risk assessments. But some simple math yields another important finding lurking just under the surface. A $10B enterprise hit with the typical (geomean) loss amount for that size tier of $516K can expect a cost that represents 0.00516% of annual revenues. A small shop that brings in $100K per year could lose nearly its entire annual earnings in a typical loss event ($88K)!

Diving even deeper into the topic of relative impact, Figure 8 plots historical event losses as a percentage of annual revenue. There, we see that the reported losses for two-thirds of all publicly known security incidents fall below 1% of revenue (and most of those far below that mark). A little over a quarter of incidents fall in the span between 1% and 100%, while 6% actually exceed the organization’s yearly income. What’s more, some events exceed revenue by 100X!

The colors applied to Figure 8 bring us back to the discussion of the relative impact of cyber events on small vs. larger organizations. Gartner defines a small business as one having less than $50M in annual revenue. So, that’s the distinction that appears here in red. It’s clear that the majority of loss events involving midsize and large firms (in blue) fall below 1% of their income, while the higher ratios on the right side of the spectrum are almost entirely populated by small businesses. Here’s a sobering stat: SMBs were the primary victim in 89% of all cyber loss events that exceeded 10% of revenue.

Get full report: https://www.cyentia.com/iris-2022/

#smb #smbsecurity #smallbusiness #cyberrisk #cyberresilience #databreach #databreaches