Are SMBs Now More Vulnerable to Cyberattacks?

Data Scout is Localogy’s series that curates and draws meaning from third-party data. Running semi-weekly, it adds an analytical layer to the industry data that we encounter in daily knowledge building. For Localogy original data, see the separate Modern Commerce Monitor™️ series.


When it rains, it pours. Just as SMBs are facing unprecedented challenges brought by global lockdowns and social distancing, they’re now also in the crosshairs of hackers. The thought is that the current state of disarray creates vulnerabilities that present opportunity gaps for those with nefarious intent.

Specifically, Alliant Cybersecurity reports that one in seven SMBs claim they’ve experienced at least one cyberattack since the mid-March beginnings of the pandemic. One in five meanwhile report that they’ve transitioned to remote work without establishing clear protocols to protect against cyber attacks.

The issue is that with such a quick and unexpected pivot, many companies didn’t have the time nor ability to devise and execute effective work at home policies.  That cuts in several ways but in this case, we’re talking things like user authentication and access of digital assets from their personal devices.

In other words, more passwords are being used from more devices and in potentially insecure or unencrypted ways as people log in from home.  This point is underscored by the fact that 52 percent of companies in the survey didn’t have work-at-home cultures nor policies prior to March. Best practices aren’t in the DNA.

“These senior decision makers are vastly underestimating the opportunities for hackers to capitalize on the increased spread of information via cyber channels,” said Rizwan Virani, president of Alliant Cybersecurity, in a statement. “With so many businesses rapidly switching to remote work for the foreseeable future, we are facing unprecedented vulnerabilities, especially for small- to medium-sized businesses lacking telecommuting experience.”

Making matters worse, SMBs aren’t equipped to deal with the fallout after an attack occurs. For the same reason they aren’t prepped for remote work security protocols, they’re under-resourced for resolving the effects of an actual attack. Indeed, they’re putting out several fires at the moment.

Specifically, the same Alliant survey found out that 17 percent of SMBs report the perception of a greater than normal risk for cyberattack, and 12 percent say they wouldn’t know how to respond if they were attacked.  These results align with Alliant’s agenda (take with a grain of salt), but are still notable.

Meanwhile, all of this generally aligns with results from Localogy’s Modern Commerce Monitor SMB survey. According to the newly released wave,  48 percent of SMBs are moderately or extremely concerned about information privacy among their remote workforce (full chart below).

The coming weeks will be telling as we see aggregate data on Q2 cyberattacks (a trailing indicator). Until then, it stands to reason that SMBs are vulnerable and their overall weakened state is exacerbated by the fact that they’re in triage mode to keep operations afloat, thus potentially distracted.

The takeaway? Cybersecurity should be moved up the SMB priority list. That’s easier said than done, as many are just trying to survive. So the real impact could come after things return to normal and SMBs internalize the lesson to be better prepared… for cyberattack and several other states of emergency.

Click me

Related Resources