Okta: Two-thirds of U.S. SMBs Cite Financial Loss, Trust Damage as Top Cyberattack Concerns

Authentication technology company Okta recently shared results of a study on small and medium-sized businesses (SMBs) and cyberattacks. It found that financial loss and damage to trust are the top concerns for two-thirds of those polled.

The research also shows that a quarter of SMBs in the United States that have been hit by a cyberattack aren’t aware of the full financial impacts of the attacks or the fallout from operational and workforce impacts. Okta says the lack of awareness "reveals a significant vulnerability."

While 70 percent of SMBs polled cite financial loss as a top risk and 65 percent cite loss of customer trust, one in five invest $200,000 or more in cybersecurity measures following an attack compared to five percent who do so not having experienced an attack. Over half of SMBs attacked recovered financially in less than a month, but less than half reported reputation recovery in that same amount of time.

“Many SMBs rely on identity via their email providers, assuming these gaps won’t be exploited. In reality, cybercriminals are targeting these weaknesses,” said Arnab Bose, Chief Product Officer, of Workforce Identity Cloud at Okta. “As AI-powered attacks become more sophisticated, SMBs must strengthen their identity protections to safeguard operations and, most importantly, customer trust.”

The research found that cyberattacks are only outranked by inflation and interest rates as a concern of small businesses. It is so much of a concern, in fact, that attacks are having a big impact on the mental health of owners and even their employees.

“The impacts of a cyberattack on small and medium-sized businesses in the U.S. are wide-reaching, encompassing not only financial but also psychological and operational repercussions that can disrupt businesses and their workforces for months,” noted Bose. “Today’s business owners need a proactive and holistic approach to cybersecurity that can scale with their operational and budget needs, and as leaders, it’s essential to not only ensure robust security measures but also to empower their teams with clarity and confidence.”

Nearly 50 percent of owners who have experienced a cyberattack reported a noticeable negative impact on their mental health. Of smaller companies with limited staff and stretched resources, 41 percent cited the impact of a security breach on employee morale as they find it harder to rebuild trust. A fourth of larger SMBs (100-499 employees) also noted "significant impacts," according to Okta.

The research found that following an incident, roughly two in five (over 40 percent) of U.S. SMBs cited a breach in customer trust, while nearly 40 percent reported significant reputational damage. Among the SMBs with larger workforces, half cited "significant impacts" to both trust and reputation.

Ultimately, Okta found that SMBs, in general, are underprepared for security breaches, relying solely on protections that aren’t as effective as they once were (antivirus software, single sign-on bundled with email systems, etc.) while underutilizing solutions like identity management and biometrics.

As threats become more sophisticated, so must prevention tactics. Small businesses are big targets for attackers and must take security extremely seriously in this age of artificial intelligence.