Most small and medium-sized businesses (SMBs) believe they are prepared for a cyberattack or any informatic disaster, but few are actually ready to deal with the aftermath of such an incident, according to new research published by Infrascale.
SMBs’ confidence in their abilities to weather cyberattacks might be misplaced, especially considering that many lack the tools needed to deal with such incidents. In fact, 92% of SMB executives think their company is prepared for disaster, but more than 20% don’t have even a data backup solution in place, which would be a bare minimum, along with a security solution.
The problem is compounded even more by the 16% of SMB executives who don’t even know their Recovery Time Objectives (RTOs). This is a period calculated between the start of recovery and the point where all operations are available once more.
If anything, SMB executives grossly underestimate their RTOs, to the point that they’re not even close to realistic. For example, 24% think they can recover their lost data in less than 10 minutes, and for 29% of them, that time extends to one hour.
While the RTO differs depending on the industry, size and preparedness of the organization, 10 minutes or one hour is way too quick. Ransomware attacks could lead to compromised backups, stolen data, or simply hardware failures. Data breaches alone could cripple any company.
The survey also uncovered some good news. Most SMB executives know that some type of recovery is necessary for multiple scenarios, either after data loss (58%) or after a malware attack (55%).
Finally, it turns out that 8% of surveyed SMB executives feel they are not prepared to recover from a disaster. Out of this group, 39% lack the budget, 37% lack time to research solutions, and 32% don’t have the right resources. In fact, 27% say that they don’t have the right technology to deal with cybersecurity incidents.