Skip to main content



) - Small businesses have massively underestimated the threat posed by cybersecurity, according to research released on Monday by the National Cyber Security Alliance (NCSA) and


(SYMC) - Get Free Report


The study, which surveyed 1,015 U.S. businesses with less than 250 employees, revealed a glaring disconnect between cybersecurity perception and reality at small- to medium-sized businesses, or SMBs. While more than 77% of respondents said that their company was safe from the likes of hackers, viruses and malware, a massive 83% have no formal cybersecurity plan in place.

The research, released as part of National Cyber Security Awareness Month, also revealed that 66% of SMBs are not concerned about cyber threats. Experts, however, warn that cybercriminals could use small businesses as a "stepping stone" from which to launch attacks.

"SMBs have to realize that data is the coin of the realm in cybercrime," said Michael Kaiser, executive director of the NCSA, in an interview with


, pointing to the likes of customer and employee data. "Cybercriminals may use

SMBs to get to somebody else."

Criminals, for example, could use an SMB's client contact list in a phishing attack, a form of online scam typically launched via email.

Social media is also a popular launch pad for criminals' phishing attacks; although the research found that 70% of SMBs do not have policies for employee social media use.

"Cybercriminals know that small businesses are less defended than large businesses," noted Kaiser. "Small businesses could appear as a very easy entry point for a lot of cyber criminals."

"In many cases, small businesses don't think that they are going to be attacked as much as a large organization," added Laura Garcia-Manrique, vice president of SMB Customer Experience at Symantec. But that's not the case. A small business, she added, is four times more likely to suffer a general malware attack than a large organization.

The NCSA urged SMBs to look at where their information is being stored and used, and protect those areas. It also reminded small businesses to enforce strong password policies, encrypt confidential information, educate employees about cybersecurity and stay up to date with the latest viruses and worms.

Symantec's Garcia-Manrique touted cloud-based security technologies (which, incidentally, the company sells) as a way for small firms to gain the expertise needed to lock down data.

The Mountain View, Calif.-based firm is not the only tech heavyweight banging the cybersecurity drum. Last week, research from the

Ponemon Institute

, sponsored by


(HPQ) - Get Free Report



that the cost of cybercrime is increasing dramatically for businesses.

A number of big-name firms, such as



, have already hit the headlines after


cyber attacks.

Last month, security guru Eugene Kaspersky, CEO of Kaspersky Lab,


that hackers could shut down power in most of the world within a matter of decades.

Defense Secretary Leon Panetta also warned of a looming

"cyber pearl harbor"

during a speech in New York last week, outlining the potential for a massive attack against critical U.S. infrastructure.

A number of large U.S. financial institutions have faced significant

denial-of-service attacks

recently, alarming experts with the speed and the scale of the digital assaults.

Symantec shares closed up 0.45% at $17.96 on Monday.


Written by James Rogers in New York.

Follow @jamesjrogers

>To submit a news tip, send an email to: