February 24, 2025 • 9 mins
Cyberattacks impact 73% of SMBs, often leading to significant financial and reputational losses. Discover why businesses should strengthen their cybersecurity by implementing foundational measures, like multi-factor authentication, and partnering with a sophisticated managed IT service provider. This episode includes real-world cases, cost analyses, and success stories that reveal the importance of proactive strategies as security threats grow more dynamic.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome back to
(00:00):
"Visionary IT,"
where we tackle the big challenges facedby small- and medium-sized businesses
every day.
Today, we're diving into one of the mostcritical yet often underestimated issues
shaping the future of businesses: cybersecurity. (00:12):
undefined
It's a topic that's more relevant thanever as cyber threats become more
sophisticated and SMBs find themselveswith targets on their backs.Yeah, and,
you know, it's kinda wild just how manysmall businesses still think,
"Oh, this won't happen to me."
I mean, Gar, I've seen way too many caseswhere that mindset ends up costing them
(00:37):
big time-sometimes even shutting downtheir business.Absolutely.
And the numbers back that up in ways thatare, frankly, alarming.
But, Reid, before we get into thosedetails, it's important that our
listeners understand that this is aboutmore than just technology-it's about
protecting your livelihood and yourcustomers' trust.
(00:57):
Every decision around cybersecurity hasripple effects across your entire
business.Totally.
Of course, it's not all doom and gloom.
Today, we're gonna walk folks throughwhat they need to know, where to start,
and how to protect their businesseswithout completely breaking the bank.
Sound good?Perfect.
Let's dig in!So, Reid, as we dive intothis critical topic, let's start with
(01:22):
some eye-opening numbers.
Last year, 73% of small business ownersin the U.S.
reported experiencing some form ofcyberattack.
That's nearly three out of fourbusinesses...just think about that.
But here's where it gets even moreinteresting: a surprising 85% of those
leaders felt like they were prepared tohandle such an incident.Right, and-and
(01:46):
prepared how?
You know, I hear "prepared," and I wannaask,
"Does this mean they're using stronginfrastructure, or are they just kinda
crossing their fingers and hoping for thebest?"
That's the key question, Reid, andunfortunately, only a small fraction are
implementing critical measures likemulti-factor authentication or mandatory
(02:07):
strong passwords.
Adoption rates for these basic controlsare shockingly low-hovering between 20
and 34 percent.
It leaves SMBs incrediblyvulnerable.Which probably explains why
hackers see them as easy targets, right?
Less sophisticated security, fewerresources to defend themselves-it's kinda
(02:31):
like leaving a vault door wide open at abank and hoping the robbers just won't
notice.Exactly.
And cybercriminals are evolving,exploiting gaps in SMB defenses by
targeting cloud systems more aggressively.
For example, 90% of all cyberattacks lastyear centered on the cloud.
And ransomware isn't just about lockingyour files down anymore.
(02:54):
attackers are now using double extortiontactics, which have increased by 64%.
That means they don't just encrypt yourdata; they also threaten to leak
sensitive information publicly unless youpay the ransom.Yeah, yeah-I remember
working with this one business owner whothought they were safe.
They moved everything to the cloud,thinking, "Oh, problem solved!" But that
(03:16):
ended up being their blind spot.
It wasn't until, uh, they faced somereally costly downtime-after we
implemented better protocols-that theyrealized how exposed they'd been.And
that's a common story, Reid.
It underscores why having a robustcybersecurity framework isn't just a
nice-to-have anymore-it's essential.
(03:37):
Without it, SMBs are forced into costlyreaction mode, which is something we'll
explore further as we go.
But the point here is, attackers aren'tjust targeting the big players-SMBs are
in the crosshairs.Alright, so SMBs areunder fire, their defenses are weak, and
attackers are getting smarter by the day.
(03:58):
Not exactly a winning combo.
Let's lay out what all this inactioncosts-we're talking real dollars.
Gar, you've got those numbers handy,right?I do, Reid.
So, the average data breach hitsbusinesses hard-costing $4.45 million per
incident.
And we can't forget about the downtimecosts.
That bleeds firms at a rate of $427 perminute, which adds up fast-over $25,000
(04:22):
in just an hour.Wait, that's overtwenty-five grand in sixty minutes?It is.
And for small businesses, even an hour ofdowntime can disrupt operations in ways
that ripple far beyond the immediatecosts.
Look, the recovery-especially aftersomething like ransomware-isn't just
about hardware or software fixes.
It's about regaining customer trust,managing reputational fallout, and
(04:46):
ultimately, fighting to stay afloat.Yeah,I mean, let's face it-if your clients
hear about a breach, you're not justlosing money in the short term.
You're losing credibility, loyalty, andprobably a few customers for good.
That's harder to put a number on, but theimpact is huge.Exactly, Reid.
And it's these indirect costs-things likelost sales, reduced productivity,
(05:09):
reputational harm-that are often farheavier burdens for SMBs.
I spoke with a business recently that washit by a ransomware attack.
They were down for over three days.Threedays?
Wait-tell me they had backups atleast.They did, but unfortunately, they
hadn't tested them in over a year.
So, restoring data wasn't as simple orquick as they'd hoped.
(05:32):
In the meantime, they lost customers, hadto field dozens of complaints, and their
insurance costs went up after theincident.
The downtime alone cost them tens ofthousands-and that's not counting the
brand damage.I bet they're notunderestimating prep work anymore.
It's wild how attackers know exactlywhere to hit SMBs where it really hurts.
(05:55):
The financial pain can stick around longafter the breach has been resolved.And it
raises an important point, Reid-everydollar you invest in proactive measures
can potentially save you thousands whensomething goes wrong.
It's not just about staying functionalduring an attack; it's about reducing
long-term liabilities and keeping yourbusiness viable.That's exactly why
(06:18):
preparation is key, Reid.
So, let's shift gears a bit and talkabout solutions.
For small and medium-sized businesseswanting to protect themselves effectively
without breaking the bank, the first stepis aligning IT budgets with cybersecurity
priorities.
A good approach is dedicating between 10to 20 percent of their overall IT budget
(06:39):
to security measures.Yeah, but here's theproblem-I've met business owners who hear
"10 to 20 percent" and think, "That's waytoo much." They'll invest in new tech but
skimp on the security basics, liketraining their employees or even just
setting up a decent firewall!And thatmindset, Reid, is where those big
vulnerabilities start to form.
(07:00):
But here's the thing-outsourcingcybersecurity to a sophisticated managed
IT service provider can make that smallerbudget work so much harder.
On average, SMBs can expect to paybetween $50 to $200 per user, per month
for these services.
That may sound like a lot, but it's afraction of the costs associated with an
actual breach.Exactly!
(07:21):
Doing nothing isn't cheaper-it's justspreading out the cost until it hits you
all at once.
I mean, what's $200 per user compared tolosing $25,000 in downtime or watching
your insurance premiums skyrocket afteran attack, right?Right.
And let me give you a real-world example.
We recently worked with a financial firmthat was hesitant about switching from
(07:46):
reactive IT fixes to a managedcybersecurity plan.
After a thorough assessment, theyrealized they were much better off
investing in managed IT services withintegrated cybersecurity to protect their
business.Oh, yeah, and I remember theirCEO had that "Aha!" moment when they
realized just how much cash they'd beenlosing on downtime before.
(08:09):
What's really cool, though, is they goteverything they needed, like MDR with a
SOC, awareness training, advanced emailprotection, and MFA.Exactly.
And here's the kicker-they ended uppreventing a phishing attack just three
weeks after partnering with us.
It could've cost them upwards of $50,000,but their new defenses stopped it before
(08:31):
it could cause damage.
That's the kind of return on investmentSMBs should aim for.That's fantastic, and
it's proof that this stuff works.
Honestly, it's not just about avoidingdisasters.
You're running your business better.
When you're prepared, you can focus ongrowth instead of just trying to
survive.Absolutely, Reid.
So, to kind of wrap it up for everyonelistening: cybersecurity doesn't have to
(08:55):
break the bank, but thinking it'soptional can break your business.
Partner strategically, invest smartly,and-you'll be in a far better position to
thrive, no matter what comes your way.Andthat's what it's all about, right?
Alright, folks, that's a wrap for today'sepisode.
Thanks for spending your time with us,and hey, go update your passwords on your
important accounts after this!
(09:16):
Until next time, stay visionary, staysecure.
Welcome back to
(00:00):
"Visionary IT,"
where we tackle the big challenges facedby small- and medium-sized businesses
every day.
Today, we're diving into one of the mostcritical yet often underestimated issues
shaping the future of businesses: cybersecurity. (00:12):
undefined
It's a topic that's more relevant thanever as cyber threats become more
sophisticated and SMBs find themselveswith targets on their backs.Yeah, and,
you know, it's kinda wild just how manysmall businesses still think,
"Oh, this won't happen to me."
I mean, Gar, I've seen way too many caseswhere that mindset ends up costing them
(00:37):
big time-sometimes even shutting downtheir business.Absolutely.
And the numbers back that up in ways thatare, frankly, alarming.
But, Reid, before we get into thosedetails, it's important that our
listeners understand that this is aboutmore than just technology-it's about
protecting your livelihood and yourcustomers' trust.
(00:57):
Every decision around cybersecurity hasripple effects across your entire
business.Totally.
Of course, it's not all doom and gloom.
Today, we're gonna walk folks throughwhat they need to know, where to start,
and how to protect their businesseswithout completely breaking the bank.
Sound good?Perfect.
Let's dig in!So, Reid, as we dive intothis critical topic, let's start with
(01:22):
some eye-opening numbers.
Last year, 73% of small business ownersin the U.S.
reported experiencing some form ofcyberattack.
That's nearly three out of fourbusinesses...just think about that.
But here's where it gets even moreinteresting: a surprising 85% of those
leaders felt like they were prepared tohandle such an incident.Right, and-and
(01:46):
prepared how?
You know, I hear "prepared," and I wannaask,
"Does this mean they're using stronginfrastructure, or are they just kinda
crossing their fingers and hoping for thebest?"
That's the key question, Reid, andunfortunately, only a small fraction are
implementing critical measures likemulti-factor authentication or mandatory
(02:07):
strong passwords.
Adoption rates for these basic controlsare shockingly low-hovering between 20
and 34 percent.
It leaves SMBs incrediblyvulnerable.Which probably explains why
hackers see them as easy targets, right?
Less sophisticated security, fewerresources to defend themselves-it's kinda
(02:31):
like leaving a vault door wide open at abank and hoping the robbers just won't
notice.Exactly.
And cybercriminals are evolving,exploiting gaps in SMB defenses by
targeting cloud systems more aggressively.
For example, 90% of all cyberattacks lastyear centered on the cloud.
And ransomware isn't just about lockingyour files down anymore.
(02:54):
attackers are now using double extortiontactics, which have increased by 64%.
That means they don't just encrypt yourdata; they also threaten to leak
sensitive information publicly unless youpay the ransom.Yeah, yeah-I remember
working with this one business owner whothought they were safe.
They moved everything to the cloud,thinking, "Oh, problem solved!" But that
(03:16):
ended up being their blind spot.
It wasn't until, uh, they faced somereally costly downtime-after we
implemented better protocols-that theyrealized how exposed they'd been.And
that's a common story, Reid.
It underscores why having a robustcybersecurity framework isn't just a
nice-to-have anymore-it's essential.
(03:37):
Without it, SMBs are forced into costlyreaction mode, which is something we'll
explore further as we go.
But the point here is, attackers aren'tjust targeting the big players-SMBs are
in the crosshairs.Alright, so SMBs areunder fire, their defenses are weak, and
attackers are getting smarter by the day.
(03:58):
Not exactly a winning combo.
Let's lay out what all this inactioncosts-we're talking real dollars.
Gar, you've got those numbers handy,right?I do, Reid.
So, the average data breach hitsbusinesses hard-costing $4.45 million per
incident.
And we can't forget about the downtimecosts.
That bleeds firms at a rate of $427 perminute, which adds up fast-over $25,000
(04:22):
in just an hour.Wait, that's overtwenty-five grand in sixty minutes?It is.
And for small businesses, even an hour ofdowntime can disrupt operations in ways
that ripple far beyond the immediatecosts.
Look, the recovery-especially aftersomething like ransomware-isn't just
about hardware or software fixes.
It's about regaining customer trust,managing reputational fallout, and
(04:46):
ultimately, fighting to stay afloat.Yeah,I mean, let's face it-if your clients
hear about a breach, you're not justlosing money in the short term.
You're losing credibility, loyalty, andprobably a few customers for good.
That's harder to put a number on, but theimpact is huge.Exactly, Reid.
And it's these indirect costs-things likelost sales, reduced productivity,
(05:09):
reputational harm-that are often farheavier burdens for SMBs.
I spoke with a business recently that washit by a ransomware attack.
They were down for over three days.Threedays?
Wait-tell me they had backups atleast.They did, but unfortunately, they
hadn't tested them in over a year.
So, restoring data wasn't as simple orquick as they'd hoped.
(05:32):
In the meantime, they lost customers, hadto field dozens of complaints, and their
insurance costs went up after theincident.
The downtime alone cost them tens ofthousands-and that's not counting the
brand damage.I bet they're notunderestimating prep work anymore.
It's wild how attackers know exactlywhere to hit SMBs where it really hurts.
(05:55):
The financial pain can stick around longafter the breach has been resolved.And it
raises an important point, Reid-everydollar you invest in proactive measures
can potentially save you thousands whensomething goes wrong.
It's not just about staying functionalduring an attack; it's about reducing
long-term liabilities and keeping yourbusiness viable.That's exactly why
(06:18):
preparation is key, Reid.
So, let's shift gears a bit and talkabout solutions.
For small and medium-sized businesseswanting to protect themselves effectively
without breaking the bank, the first stepis aligning IT budgets with cybersecurity
priorities.
A good approach is dedicating between 10to 20 percent of their overall IT budget
(06:39):
to security measures.Yeah, but here's theproblem-I've met business owners who hear
"10 to 20 percent" and think, "That's waytoo much." They'll invest in new tech but
skimp on the security basics, liketraining their employees or even just
setting up a decent firewall!And thatmindset, Reid, is where those big
vulnerabilities start to form.
(07:00):
But here's the thing-outsourcingcybersecurity to a sophisticated managed
IT service provider can make that smallerbudget work so much harder.
On average, SMBs can expect to paybetween $50 to $200 per user, per month
for these services.
That may sound like a lot, but it's afraction of the costs associated with an
actual breach.Exactly!
(07:21):
Doing nothing isn't cheaper-it's justspreading out the cost until it hits you
all at once.
I mean, what's $200 per user compared tolosing $25,000 in downtime or watching
your insurance premiums skyrocket afteran attack, right?Right.
And let me give you a real-world example.
We recently worked with a financial firmthat was hesitant about switching from
(07:46):
reactive IT fixes to a managedcybersecurity plan.
After a thorough assessment, theyrealized they were much better off
investing in managed IT services withintegrated cybersecurity to protect their
business.Oh, yeah, and I remember theirCEO had that "Aha!" moment when they
realized just how much cash they'd beenlosing on downtime before.
(08:09):
What's really cool, though, is they goteverything they needed, like MDR with a
SOC, awareness training, advanced emailprotection, and MFA.Exactly.
And here's the kicker-they ended uppreventing a phishing attack just three
weeks after partnering with us.
It could've cost them upwards of $50,000,but their new defenses stopped it before
(08:31):
it could cause damage.
That's the kind of return on investmentSMBs should aim for.That's fantastic, and
it's proof that this stuff works.
Honestly, it's not just about avoidingdisasters.
You're running your business better.
When you're prepared, you can focus ongrowth instead of just trying to
survive.Absolutely, Reid.
So, to kind of wrap it up for everyonelistening: cybersecurity doesn't have to
(08:55):
break the bank, but thinking it'soptional can break your business.
Partner strategically, invest smartly,and-you'll be in a far better position to
thrive, no matter what comes your way.Andthat's what it's all about, right?
Alright, folks, that's a wrap for today'sepisode.
Thanks for spending your time with us,and hey, go update your passwords on your
important accounts after this!
(09:16):
Until next time, stay visionary, staysecure.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.