MIT Technology Review Report Measures the Existential Threat Cybersecurity Attacks Pose for SMEs

Many small to medium-sized enterprises (SMEs) operate under the incorrect belief that they are too small and insignificant to attract cybersecurity attacks. Unfortunately, this is not the case, and such attacks are on the rise. According to one cross-industry study, midsize companies were almost 500 percent more likely to be targeted by the end of 2021 than two years ago. Smaller organizations are viewed as easier targets, as the largest enterprises have significantly stepped up their security in recent years. One major problem for smaller companies is that a single attack could pose an existential crisis and literally put them out of business.

A newly released report by MIT Technology Review Insights explores why cybersecurity attacks pose an existential risk to small and midsize enterprises (SMEs) and how they can plan for disaster recovery in case of an attack.

Disaster recovery plans are a critical element of business continuity plans, which all SMEs should have in place. While business continuity focuses on overall strategy, including policies and procedures for recovery following an incident, disaster recovery focuses on IT infrastructure, data, and applications. A well-crafted disaster recovery plan includes clear definitions of recovery time objective (RTO) and recovery point objective (RPO).

"Today's data is generated and distributed across highly complex ecosystems—multicloud, hybrid cloud, edge, and internet of things," says Kwee Chuan Yeo, editor of the report. "Enterprises' surface exposure to risks has ballooned. It's not just big corporations that are at risk. Smaller, less sophisticated companies are easier targets due to their lack of resources and expertise."

But, it’s not all gloom and doom, despite the growth of cyber attacks in both volume and sophistication. Businesses can minimize the impact of an attack by implementing a well-designed disaster recovery plan that includes data backups and replication solutions.

Of course, good cybersecurity solutions are also critical, along with ongoing workforce training and education to reduce human error that leads to successful attacks. Collectively, these elements can help businesses limit the damage and downtime an attack causes and, for smaller companies, may even help keep them in business.