07

Oct
2024

International and European law

IT and communication law

Personal data

#Cybermonth - Is my small business really at risk of being hacked?

The #cybermonth (from 1 to 31 October 2024) is the annual #cybersecurity awareness campaign that we support as stakeholders and advocates.

Is my small business really at risk of being hacked?

This question is our way of drawing attention to the persistent myth that only large companies are really targeted by computer attacks.

But the figures (see links below for ‘Small business cyber security statistics 2023’) speak for themselves:

  • For example, Firewall Times reports that 'Although big corporations usually make the headlines, small businesses are targeted far more frequently, with 43% of all data breaches targeting small businesses'.
  • For its part, Hiscox notes in its very interesting 2023 Cyber Risk Management Report (based on a country-by-country comparison) that ‘One of the most notable results of this year is the significant increase in the number of small businesses targeted’ which 'are hit harder. Over the last three years, the number of businesses with fewer than ten employees that have suffered an attack has more than halved to 36%’. ‘The smallest businesses are now targets’.

Small businesses are just as exposed to the risk of hacking, if not more so, even though the prevailing perception of risk is that they are ‘too small to be of interest to hackers’.

A prime target is any organisation that lacks upstream preparation, whose security systems are less robust, and whose staff are less aware of and trained in good digital practices.

In addition to prevention, the aim is to anticipate what would happen downstream in the event of a hacking attack, and what measures would enable the company to limit the impact (resume business as quickly as possible, limit the financial, reputational and emotional damage).

⚠️ It's not a question of business size, but of preparation.

In terms of vulnerabilities, a single malicious e-mail can be enough to compromise data, with financial, legal and reputational consequences, including loss of customers. VSEs and SMEs do not have the same resources as large companies and groups to recover quickly from a cyber attack.

  • According to Hiscox, the ‘weakest link’ is the hacking of business email, ‘the method of intrusion most used by hackers, followed by company servers or cloud servers’.

Whether or not the data processed is considered sensitive, the risks (destabilisation to obtain a ransom, financial capture to divert the payment of funds, media pressure, etc.) and effects are not negligible, whatever the sector of activity:

  • According to Hiscox, ‘A third of companies attacked suffered financial losses as a result of payment diversion (34%)’, ‘One in five companies attacked was subject to a ransom demand’.
  • The most noticeable effects: ‘Nearly a third of companies (31%) attacked reported an increase in the cost of informing their clients about an attack. This figure has risen for the second year running. The same is true for companies reporting a breach on behalf of third parties (26% compared with 20% two years ago)’; ‘One in five companies attacked (21%) stated that the impact was significant enough to threaten its viability. The same is true for a fifth of very small businesses (with fewer than ten employees)’.

The ‘I'll deal with cybersecurity the day I'm affected!’ attitude is a flaw that exposes the company to more severe impacts in its relations with third parties (repercussions of the flaw on its partners, image and reputation, loss of customers and business partners, and greater difficulties in attracting new ones), and on the company's activity and performance, which could even lead to the company going out of business.

* * *

A few links - Cybersecurity statistics for small businesses in 2023:

* * *

Some events and actions of the #cybermonth 2024 in Monaco:

  • The publication by the Commission de Contrôle des Informations Nominatives (CCIN, data protection supervisor) of 6 fact sheets on digital security (Internet, Social Networks, Cookies, Public Wifi, Mobile Telephony, Instant Messaging). 🔗https://www.ccin.mc/ccin/actua...
