Nearly 70 Percent of SMBs Experience Cyber Attacks, Half Do Not Know How to Protect Their Companies

Press Release from Keeper Security

CHICAGO, Nov. 14, 2018 /PRNewswire/ -- Keeper Security, Inc., which offers leading zero-knowledge, cybersecurity solutions for businesses and individuals, today announced the results of The 2018 State of Cybersecurity in Small and Medium Size Businesses study, conducted by the Ponemon Institute, sponsored by Keeper Security. The study revealed that small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent rate their ability to mitigate threats, vulnerabilities and attacks as "highly effective."

Keeper Security, Inc. (PRNewsfoto/Keeper Security, Inc.)

The number of attacks, including phishing, advanced malware, zero-day and ransomware attacks is rising -- with 67 percent experiencing a cyber attack and 58 percent experiencing a data breach in the last 12 months. Yet nearly half of respondents (47 percent) say they have no understanding of how to protect their companies against cyber attacks.

Weak passwords can wreak havoc on small businesses
As SMBs become more vulnerable, the risk of employees and contractors causing a data breach or ransomware attack is simultaneously increasing -- 60 percent of those surveyed cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an external hacker. Still, 32 percent of respondents assert that their companies could not determine the root cause of a data breach they have experienced in the past 12 months.

Forty percent of respondents say their companies experienced an attack involving the compromise of employees' passwords in the past year, with the average cost of each attack being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical this year compared to last.

Cyber attacks and data breaches target SMBs
"More SMBs are experiencing highly sophisticated and targeted cyber attacks. There is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. This is exposing SMBs to cyber criminals," said Darren Guccione, CEO and Co-founder of Keeper Security. "The results of the 2018 State of Cybersecurity in Small and Medium Size Businesses study underscore the critical importance of implementing a secure password management solution to protect not only SMBs' sensitive digital assets, but also their reputation and the longevity of their business operation."

Additional highlights of the study, include:

  • Respondents indicated their two biggest password-related pain points are having to deal with passwords being stolen or compromised (68 percent) and employees using weak passwords (67 percent).
  • Human memory and spreadsheets are used to protect passwords. Only 22 percent of respondents say their companies require employees to use a password manager. Of the 74 percent of respondents who say password managers are not required, more than half say their companies rely upon human memory and spreadsheets to protect passwords.
  • SMBs continue to struggle with insufficient personnel and budget. Seventy four percent of respondents note they do not have the appropriate personnel and budget (55 percent) to effectively mitigate cyber risks.
  • The respondents who believe they are "highly effective" at mitigating risks, vulnerabilities and attacks have higher budget and more in-house expertise. These companies also dedicate a higher percentage of their IT budget to cybersecurity.

"As the threat landscape evolves, cyber criminals are leaving no stone unturned -- and companies -- no matter how big or small -- are only as strong as their weakest link," said Dr. Larry Ponemon, chairman and founder, The Ponemon Institute. "The findings of the 2018 State of Cybersecurity in Small and Medium Size Businesses study show far too many SMBs rely upon human memory, spreadsheets and even sticky notes to protect their passwords -- thereby weakening a critical link in the IT security chain."

Learn more on live webinar happening today
Keeper and Ponemon will announce the findings of the report on a live webinarat 11 a.m. CST on Wednesday, Nov. 14 co-hosted by Dr. Larry Ponemon and Darren Guccione. The complete study can be accessed at the following link:

Ponemon interviewed approximately 1,045 IT and IT security practitioners from companies in the United States and United Kingdom in July 2018. Respondents represented companies with headcounts ranging from 100 to 1,000.

About Keeper Security, Inc.
Keeper Security, Inc. ("Keeper") is transforming the way organizations and individuals protect their passwords and sensitive digital assets to significantly reduce cyber theft. Keeper is the leading provider of zero-knowledge security and encryption software covering password management, dark web monitoring, digital file storage and messaging. Keeper is trusted by millions of people and thousands of businesses to protect their digital assets and help mitigate the risk of a data breach. Keeper is SOC-2 Certified and is also certified for use by the Federal government through the System for Award Management (SAM) and the General Services Administration (GSA). Keeper protects businesses of all sizes across every major industry sector. Learn more at

Companies Mentioned in this Press Release:
Business Categories Mentioned in this Press Release: