Cybercriminals are turning their focus to small and medium enterprises (SMEs) as large organisations bolster their cybersecurity infrastructure, maintain data redundancy, invest in cyber insurance, and refuse to pay ransom.
Hacker groups like Lockbit, BlackCat and Akira are increasingly targeting SMEs in healthcare, retail and manufacturing, who sometimes remain unable to regain their IT systems even after paying ransom.
Attacks on SMEs (with 100-5,000 employees) have significantly risen in India and accounted for nearly half of all such incidents in 2023. Among large organisations, only 10% of those attacked paid ransom, whereas with SMEs, 44% ended up paying amounts ranging between $25,000 and $100,000, according to data from cybersecurity firms.
“The impact of such attacks on SMEs can be devastating,” said Sanjay Katkar, joint managing director at cybersecurity software firm Quick Heal Technologies. “A cyberattack incurs heavy costs in terms of both finances and reputation, which is too much for most SMEs to recover from.”
Cybercriminals' exploitation of SMEs is a global trend, according to a study by digital security firm ESET. In 2023, cybercriminals deployed a record 500,000 unique malware daily on average. Incidents of cyber breach were the highest in India at 88%.
As per the annual surveys by security firm Sophos, nearly 64% SME organisations were attacked in 2023, lower than 73% in 2022. However, of those which were targeted, 65% ended up paying ransom in 2023 as against 44% the previous year.
The