SMBs are at an increased risk for cyberattacks, including ransomware, DDoS attacks, and insider exfiltration, according to a Cisco report.

5 reasons your employees are a security threat to your business Watch Now

Small and mid-sized companies (SMBs) are increasingly at risk of cyber attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco's 2018 SMB Cybersecurity Report, released Wednesday.

SMBs act as soft targets for cybercriminals because they tend to have less-sophisticated security infrastructure and fewer trained cybersecurity workers on staff to manage and respond to threats, the report noted. If an attacker knows a target is unguarded, they're more likely to go after it.

More than half (53%) of the 1,816 SMB respondents said their business has experienced a breach, the report found. These breaches can be costly: 20% of SMBs said these breaches cost $1 million to $2.5 million, according to the report.

SEE: Incident response policy (Tech Pro Research)

Downtime is also a significant issue for SMBs following a cyberattack. Some 40% of respondents said they experienced eight or more hours of system downtime due to a severe security breach in the past year. Another 39% of respondents said that at least half of their systems had been affected by a severe breach.

Here are the top 10 security challenges faced by SMBs, and the percent of respondents who ranked them "challenging" or "extremely challenging":

Targeted attacks (79%) Ransomware (77%) Advanced persistent threats (77%) DDoS attacks (75%) Proliferation of BYOD and smart devices (74%) Viability of disaster recovery and business continuity (74%) Insider exfiltration (73%) Outsourcing critical business processes (73%) Regulatory compliance constraints (71%) Cloud computing (70%)

To mitigate these and other cyber risks, SMBs must develop a strategy to improve their cybersecurity posture, the report recommends. This must include appropriate cybersecurity training for end users, insurance policies that cover the loss of business stemming from an attack, and the creation of business continuity and crisis communication plans to aid recovery and prevent reputational damage.

IT leaders must also be able to explain in clear terms what the business wants to know when it comes to breaches, including the impact to the organization, the measures security is taking to contain and investigate the threat, and how long it will take to resume normal operations, the report stated.

The big takeaways for tech leaders:

53% of SMBs have experienced a security breach. -- Cisco, 2018

Targeted attacks, ransomware, and advanced persistent threats are the top security challenges faced by SMBs. -- Cisco, 2018

Cybersecurity Insider Newsletter Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays Sign up today

Also see