Psychologists say that our character can influence our relationship to time and the verb tenses we choose to use. For instance, people who are unhappy or gloomy tend to use the past tense.
If we look at business leaders of SMEs, they will prefer to use the future tense. They are always planning ahead and need to substantiate and believe in the investments they make. They tend to think in terms of “what is going to happen next.” That is why they also need to use the Present tense. They relate to what there is and what is yet to come hoping for some creation of value in between, in other words driving profits.
However, when it comes to cybersecurity, they tend to use the Conditional tense, which is a big mistake. They think, « It could happen to me. » A serious mistake indeed especially because cyber crime should be addressed in all tenses except for the Conditional tense. A cyber attack (even a small one) has hit, hits and will hit your company…today, that is undeniable and inevitable. There is no way out.
So all you SME leaders out there, if you want to efficiently protect against cyber crime that is everywhere and somewhat imminent, you need to forget thinking the “if” and start conjugating cyber security awareness in all the other verb tenses.
Hacking – it is real and it is happening
All the Security Experts agree that the conventional and/or traditional safety measures to date have really become less effective. As proof of this, a CPME (Confederation of Small and Medium-sized Enterprises) survey on cybersecurity of VSEs and SMEs conducted on January 22, 2019, 41% of companies with 0 to 9 employees and 44% of companies with 9 to 49 employees have already fallen victim to a cyber attack. As the Symantec Security Threat report reveals, this trend is getting worse: attacks directed at companies with less than 250 employees have increased from 18% to 31% in just 4 years. However, SMEs have hardly invested in security solutions, nor have they chosen robust solutions to protect the vital fundamentals of their business.
If business leaders want to stay in the game and ensure sustainable business growth they definitely have to change their mindset and strategy to cope with this new reality and proactively engage with experts to secure the vulnerabilities of digital structures. Just like no one wants to be in the position of having to choose their doctor when being rushed to the hospital in an ambulance after an accident, no company should be left helpless after a data breach.
While large companies regularly spend hundreds of thousands, if not millions, of dollars on cybersecurity, too many SME owners deal with the subject very superficially because they feel they are too small to be targeted by hackers. Ironically, this makes them all the more attractive targets for hackers.
A data breach is not just a small glitch in one’s daily routine. On the contrary, it can cause irreparable damage to the reputation of a company, especially a small or medium-sized enterprise. Indeed, these organizations are not as prepared or equipped to handle the consequences. Often enough, they don’t benefit from a solid reputation that they can rely on to help navigate the crisis. The nightmare that follows a data breach is often pretty violent. Customers turn away and flee when they hear about a breach, convinced that the company could have done more to protect their personal information. Moreover, other potential partner companies tend to stay away from businesses that have been attacked, fearing they could be targeted by an attack themselves.
The Cost of Bad Break
The consequences of an attack obviously go beyond destroying a company’s reputation especially since companies need to invest considerable amounts to improve the security of their IT system after an attack.
They need to « clean up » after an attack to bounce back from a bad reputation, and that implies hiring Security Experts, Brand Loyalty specialists as well as legal and PR professionals.
The average cost for an SME that gets attacked, an SME that hasn’t done its homework identifying its digital vulnerabilities, is approximately $30,000. On the other hand, those that have taken a proactive approach by investing in security monitoring, contingency plans, financial protection and hiring vulnerability remediation specialists can avoid the additional costs and hassle of a crisis situation. They may even emerge virtually unscathed.
Today, SMEs need to understand and accept that an attack is bound to happen and need to start developing ways to mitigate cyber risks and protect against those threats. By building alliances within and outside the SME community and adopting an offensive rather than defensive stance, SMEs can significantly improve their chances of survival.
Anyone can fall victim to cyber crime, even presidential candidates. Moreover, as Olivier Kempf wrote back in 2015, there are only « two kinds of companies: those that have been hacked […] and those that don’t know they have been hacked.”
Cyber Security Rating