Concerns regarding data security have become increasingly prevalent among small business leaders, with nearly 8 out of 10 expressing anxiety about the safety of their company's sensitive data and information, according to a recent report by Shred-it.
The report sheds light on the growing unease surrounding data breaches, which remain at levels comparable to the all-time high set in 2021, as reported by the Identity Theft Resource Center. Consumers, too, have grown acutely aware of the harsh realities of cybercrime, with 81% of them indicating that they would discontinue their online engagement with a brand following a data breach, according to findings from a consumer report by Ping Identity.
Moreover, the financial repercussions of data breaches have reached record levels, with an average cost of over $4.4 million globally. Notably, the financial impact is even more substantial in Canada, exceeding $5.1 million, and in the United States, surpassing $9.4 million. For small businesses, such costs could prove devastating, potentially leading to regulatory actions, fines, legal expenses, and customer attrition.
Data breaches have directly affected 25% of small business leaders surveyed this year, with 50% attributing the breaches to employee errors. Consumers are not immune either, as 45% reported experiencing at least one data breach. Consequently, 75% of small business leaders and an overwhelming 94% of individual consumers have voiced their concerns regarding future data breaches.
To mitigate these concerns and prevent future breaches, over 90% of small business leaders acknowledge the critical role of data and information protection, along with compliance training. Interestingly, only 15% of them currently mandate such training for their employees, reflecting a gap between recognition and implementation.
Cory White, EVP, and Chief Commercial Officer at Stericycle, highlighted the financial pressures experienced by small businesses and consumers due to factors like inflation, supply chain disruptions, and rising prices. He emphasized the importance of information and data security in fostering strong customer relationships, underlining that the security of sensitive physical and digital data is an integral part of strategic decisions for business leaders.
Mitigating Future Risks Through Training and Education
Apprehensions regarding future data breaches are widespread, with 73% of small business leaders and 94% of consumers expressing their concerns. Notably, Canadian small business leaders exhibit even higher levels of unease, with 81% sharing this sentiment.
Despite these concerns, only 60% of respondents claim to be proactive in data and information protection, and a mere 22% describe themselves as "extremely proactive." This lack of proactivity leaves many small businesses exposed to potential issues in the future.
Moreover, there is a common fear among business leaders that their employees may not know how to respond effectively in the event of a data breach, with 71% sharing this concern. However, only 15% of small business leaders currently require their employees to undergo any form of training, and those who do offer training do so infrequently.
Furthermore, 63% of small business leaders admit that they lack a reliable resource for maintaining relevant policies and training. In addition, 76% worry that regulations in the field of data protection will become more intricate and onerous for small businesses in the future, with Canadian small business leaders, in particular, expressing heightened levels of concern at 87%.
A significant majority of small business leaders, 67%, feel overwhelmed at the prospect of altering their procedures to align with existing regulations. Presently, 47% do not have third-party partners to manage sensitive digital data and information. However, it is worth noting that more than 90% of those who do engage third-party partners find these collaborations to be highly valuable.
Michael Borromeo, VP of Data Protection at Stericycle, underscored the importance of a proactive approach for small business leaders. He emphasized the need to allocate an adequate budget upfront, as failure to do so could result in significant and challenging revenue losses. Offering regular employee training and gaining a comprehensive understanding of the evolving regulatory landscape for data protection are areas where trusted third-party partners can provide valuable guidance and support.