NEW YORK (AP) — While small and mid-sized businesses are increasingly targets for cybercriminals, companies are struggling to devote enough resources to protect their technology from attack.
That's one of the findings of an annual survey of companies released by the Poneman Institute, which researches data protection, and Keeper Security, a manufacturer of password protection software.
The survey found that 76% of the 592 U.S. companies surveyed had experienced a cyberattack in the previous 12 months. That was up from 70% in a survey in 2018, and 63% in a 2017 survey.
The most common attacks were phishing and social engineering scams, cited by 57% of companies. These are invasions that target unsuspecting computer, smartphone and tablet users with realistic-looking emails; if a user clicks on a link or attachment in the email, malicious software is downloaded onto the device. Forty-four percent of companies reported an attack that came via a website.
While businesses of all sizes are victims of cyberattacks, the smaller the companies, the more vulnerable they can be. They don't have large information technology staffs and many don't have expensive, sophisticated software designed to monitor their systems and defend against attacks.
Lack of personnel and not enough money were the top two challenges keeping companies from having a fully effective information technology program. Seventy-seven percent of companies said they didn't have enough staffers, up from 72% a year ago. And 55% said money was a problem, down from 58% a year ago, but still a reflection that a considerable number of companies struggle to meet their cybersecurity needs.
Companies are most concerned about protecting their customer records; 62% cited it as a priority. That was followed by intellectual property, cited by 48%, customer credit and debit card information, cited by 43% and financial information, cited by 30%.
Small and mid-sized company owners have embraced mobile devices as a way to run their businesses. But they recognize that the convenience and efficiency these devices off come at a price; half said the devices have diminished the cybersecurity of their companies.
The survey was conducted during August and September.