Not only has the cost of data breaches risen to an average of just over £1.2m including all attack mitigation and business disruption costs from £717,909 a year ago, but the average number of records stolen has soared from just over 5,000 per attack last year to 9,350 this year – an 87% increase.
While 54% of respondents say the root cause of the attacks are negligent (not malicious) employees, a full third of the companies surveyed could not even determine the root cause.
An ongoing lack of attention to password usage underlies much of the cyber security woes at SMEs, the study said, referring to the latest Verizon Data Breach Investigations Report, which noted that 81% of all cyber attacks result from poor password management practices.
The latest Ponemon research shows that 59% of respondents said they have no visibility into their employees’ password practices, which is unchanged from a year ago.
Among the bad practices cited are using the same passwords for access to multiple accounts and servers; sharing passwords in highly insecure ways; and failing to use strong passwords, settling instead for 123456 or other very easily compromised passwords.
Less than half – 43% – of SMEs surveyed have any sort of password policy in place. And of those that do have such a policy in place, 68% (up from 65% last year) said they either do not strictly enforce the policies or are unsure if they are enforced.
“SMEs can respond to this overall situation by quickly establishing mobile device and BYOD internal control policies,” said Darren Guccione, Founder and CEO of Keeper Security.
“Then implement software that controls the information being protected and transacted via these and other devices. The combination of password management software and enterprise mobility management tools can mitigate up to 80% of the cyber risk those devices pose,” he said.