Few small businesses would survive ransomware attack

Three-quarters of all small businesses would be able to survive only three to seven days from a ransomware attack. This is a serious problem as they could be used as an entry point to large companies and many small businesses are a critical part of the supply chain.
That’s the conclusion reached in a new survey of 1,200 small and medium-size businesses in the United States and Canada. The survey is the first that is focused on small business owners to identify the extent of resiliency to ransomware.
The survey was conducted by Momentive for CyberCatch, which says ransomware is a critical threat to all organizations, particularly to small businesses who might not be able to recover from such an attack.
Key findings in the survey include:
  • A third of small and medium-size businesses do not have an incident response plan to threats such as a ransomware attack.
  • Of those who do have a plan, a third tested the incident response plan more than six months ago.
  • A third fail to test employees for susceptibility to phishing to prevent ransomware being downloaded or provide access to an attacker inadvertently.
  • Almost eight in 10 say they would survive only three to seven days from a ransomware attack.
  • Almost half say they would survive only three days from a ransomware attack.
“Ransomware is an existential threat to small and medium-size businesses who are a critical part of the supply chain,” says Sai Huda, founder, chairman and CEO of CyberCatch. “Foreign adversaries and criminal gangs will increasingly attack small businesses with ransomware not only to extort ransom payments but also to use at the entry point upstream to the eventual target, a large company, critical infrastructure, government agency, healthcare organizations or other high value target.
“The survey is a wake-up call for proper cybersecurity controls. The report reveals seven key cybersecurity controls to thwart ransomware.”