New research from Okta, Inc., a leading independent identity provider, highlights the severe impact of cyberattacks on U.S. small and medium-sized businesses.
Okta’s study reveals that while SMBs are increasingly concerned about cyber threats, many still rely on basic security measures that leave them vulnerable to evolving and sophisticated cyber risks. Nearly two-thirds of SMBs name financial loss (70%) and customer trust damage (65%) as top concerns after experiencing a cyberattack.
One significant insight from Okta’s research shows that many SMBs may not fully understand the financial consequences of cyberattacks until after an incident occurs.
Among those who have experienced an attack, one in five SMBs invested $200,000 or more in cybersecurity measures following the breach, compared with just 5% among those who have not experienced an attack.
The recovery period is also often lengthy, with over 50% of SMBs able to recover financially within a month, though less than half regained their reputation in the same timeframe.
Arnab Bose, Chief Product Officer of Workforce Identity Cloud at Okta, emphasized the need for a proactive approach.
“The impacts of a cyberattack on small and medium-sized businesses in the U.S. are wide-reaching, encompassing not only financial but also psychological and operational repercussions that can disrupt businesses and their workforces for months,” Bose says. “Today’s business owners need a proactive and holistic approach to cybersecurity that can scale with their operational and budget needs, and as leaders, it’s essential to not only ensure robust security measures but also to empower their teams with clarity and confidence.”
Cyberattacks Take a Toll Beyond Finances
Okta’s study reveals that cyberattacks affect SMBs on multiple levels, extending beyond financial losses. Cybersecurity is a top concern for 65% of U.S. SMB owners, second only to inflation and rising interest rates. Additionally, nearly half of small business owners who have experienced a cyberattack reported a negative impact on their mental well-being.
The toll extends to company culture and employee morale, especially in smaller businesses with limited resources. Around 41% of these businesses noted a direct impact on employee morale following an attack, with larger SMBs (100-499 employees) citing even greater challenges in restoring internal trust and morale.
Customer trust is often damaged after a cyberattack, with more than 40% of SMBs reporting a breach in customer trust and nearly the same proportion indicating significant reputational damage. For SMBs with larger workforces, about half noted substantial impacts on both trust and reputation.
Reliance on Basic Security Measures Leaves SMBs Exposed
Okta’s research found that more than 90% of U.S. SMBs rely primarily on basic security measures, such as antivirus software and email-based single sign-on (SSO) tools. However, advanced solutions like identity management (40%) and biometrics (32%) are underutilized, especially among businesses with fewer than 100 employees.
The study indicates that a layered approach to security improves confidence. SMBs using both multi-factor authentication and antivirus solutions reported a higher sense of security (76%), with confidence increasing to 84% when using additional tools like identity management and biometrics.
Building a Stronger Security Culture
While SMBs acknowledge the stress cyberattacks place on their teams, fewer provide adequate, ongoing cybersecurity training. Although 80% of U.S. SMBs are confident that employees understand their company’s cybersecurity compliance measures, only 55% offer some form of cybersecurity training, and only about a third (32%) provide regular updates and training. Notably, one in six businesses offers no updates to employees, highlighting a gap in cybersecurity culture.