March 4, 2021
Exclusive new survey of critical infrastructure SMBs finds 75 percent experienced a cyber breach; 59 percent reported breaches that stopped productivity
Other findings: average seven months to recover and $170,000 cost to resolve a breach
Recommendations for businesses and policymakers to incentivize better cyber defenses
WASHINGTON, DC – USTelecom | The Broadband Association, a leading association of connectivity providers and technology innovators, today released an exclusive new survey of small and medium-sized businesses operating critical infrastructure in the United States.
USTelecom’s 2021 Cybersecurity Survey: Critical Infrastructure Small and Medium-Sized Businesses (SMBs) examines the cybersecurity risks, readiness and realities of SMBs that own, operate or support U.S. critical infrastructure, including energy, financial, water and communications networks. The survey found these enterprises are especially vulnerable to cyber breaches that can take longer to detect and recover from, and pose a real and present threat to national security.
Robert Mayer, USTelecom’s Senior Vice President of Cybersecurity & Innovation, said: “Don’t be fooled – these companies may be small or have fewer employees than their counterparts – but they play a big role in operating and safeguarding our country’s critical infrastructure, including energy, financial, water and communications assets. There is nothing small about the importance of bolstering their cybersecurity posture to improve our collective security.”
Specifically, the survey analyzed critical infrastructure SMBs whose cybersecurity programs struggle to deliver strong security protocols at comparable levels to better-resourced and larger sector enterprises. This leaves these companies especially vulnerable to cyberattacks.
Among the key findings in the USTelecom survey:
- 75 percent of critical infrastructure SMBs experienced a breach at least once;
- On average, it took companies 5 months to fully recover from a breach;
- 59 percent of SMBs reported breaches that stopped daily productivity;
- Companies spent $170,000 on average to resolve a cyber breach;
- 46 percent of SMBs reported lost customers;
Mayer added: “USTelecom commissioned this survey to help companies and policymakers bolster cybersecurity because a failure at any individual, but interconnected, critical infrastructure company could impact the broader digital ecosystem. SolarWinds and the recent attack at a water plant in Florida demonstrate that companies need to immediately take stock of their cyber defenses – and get ready.”
Charlie Tupitza, Lead Cyber and Data Protection Consultant at America’s SBDC, said: “The information in this survey is vital for all small businesses to understand no matter their size or the markets they serve. It underpins the need to take threats to their critical information seriously. Most small businesses have little if any room to absorb any daily productivity loss pointed out in the survey. The average cost to resolve a cyber breach, especially now, is catastrophic to their sustainability.”
The USTelecom survey found heightened vulnerabilities for SMBs across social media; electronically held customer information; online bank accounts; VPNs; social engineering; and industrial control systems.
The report also outlines a series of recommendations for SMBs, including regular risk assessments, cyber insurance, staff training and additional financial investments in cybersecurity. Policymakers are urged to help close the cybersecurity talent gap between critical infrastructure SMBs and larger enterprises.
Last month, USTelecom and America’s SBDC, the association that represents the nation’s largest small business resource network, Small Business Development Centers (SBDCs), announced a partnership to help small businesses bolster cybersecurity defenses. Read more HERE.
USTelecom is the national trade association representing technology providers, innovators, suppliers, and manufacturers committed to connecting the world through the power of broadband.