Back to Blog

Why Small and Mid-Sized Companies Remain Vulnerable to Data Breaches


Small and mid-sized businesses are far from exempt when it comes to data breaches, and in many ways remain much more vulnerable than the large fortune 500 companies that we hear about in the media-most of those companies have policies, software, and procedures in place to protect them should a breach occur, and many small businesses don't, but should. In fact, 43% of these businesses have reported experiencing a data breach in the last 3 years, with 29% of those breaches involving external business partners, executive teams are taking notice. The majority of business leaders now understand that a data breach is considerable risk to their business, and measures must be taken in order to protect against attacks.


Regardless of industry or size, all businesses have information and therefore remain vulnerable. This year, between January 1st and June 23, the Identity Theft Resource Center’s website, which collects information from law enforcement and media sources, reported that 380 breaches occurred in the United States, causing more than 117 million records to/ be exposed. No matter how secure internal measures may be, it is crucial that businesses remain in control of their documents at all times. Once an outside entity gains control or access to critical company information the business can be negatively impacted, and that is a risk that many are no longer willing to take.


To date the most affected industry is without-a-doubt healthcare. Earlier this year, Anthem's data breach alone compromised 80 million records, and that is just the tip of the iceberg. While most of these breaches occur via electronic media, primarily laptops and other portable electronic devices, about a quarter result from breaches of external vendors networks. These breaches typically target un-encrypted patient data that is reported by heathcare providers and clinicians and protected under the HIPAA. What creates an even larger challenge for the industry is that these strategic criminal attacks on personally identifiable information are are considerably more expensive to remedy due to the type of information lost in the breaches and the shear number of individuals it affects. 


With no indication that attacks will slow for small to mid-sized businesses, creating a growing risk of financial liability, executive teams are tightening their security networks, and making extra efforts to protect themselves and their businesses from potential financial ruin caused by a data breach. Today, the majority of business leaders will only choose to work with outside partners and/or vendors that take stringent measures to protect data and critical information. A lesson even industry giants like Target and Anthem had to learn the hard way- both infamous data breaches occurred due to a breach in an outside vendor's network. Target's breach resulted from contracting a smaller a company out of Pennsylvania who's system was connected with Target's data network for electronic billing, contract submissions and project management.  


One thing is certain, as the business world continues to move online for nearly every day-to-day activity, there is an increased need for businesses to keep their most critical and confidential financial, employee, and other corporate information secure and protected from cyber-criminals. Fortunately, there are a number of internal best practices and software solutions available to assist businesses in this process. Choosing a process and solution that works both financially and procedurally for your business is important, and executing a data protection plan before an attack occurs is necessary. 


How does your business protect itself from cyber-attacks? Please share your comments below.





Big Pharma R&D Trends