Skip to content Skip to footer

Loading Results

57% of SMBs experienced cyber-attack in the last 24 months Over 1,000 IT decision makers across Asia Pacific respond to PwC survey

Hong Kong, 15 July 2020 - According to the state of SMB cybersecurity at a time of crisis by PwC, only 27% of small and medium-sized businesses (SMBs) have a dedicated cybersecurity team, while 57% of them had experienced an online attack in the last 24 months. Viruses and malware (51%), web-based attacks (38%) and phishing attacks (32%) were identified as the top-three cyberattacks on SMBs.

PwC surveyed more than 1,000 SMBs across the Asia Pacific during March 2020 – just as COVID-19 had reached pandemic status when vast numbers of employees found themselves having to work from home. This would have increased cybersecurity risks to organisations where the work culture and IT infrastructure are tailored toward work at the office.

Most SMBs respondents express confidence in their cybersecurity measures, but only 53% of them have antivirus solutions in place – indicating that many have not deployed the most basic cybersecurity tools. 76% of SMBs sustained more than one cyberattacks over the last 24 months.

“Survey reveals a discrepancy between their confidence in their cybersecurity capabilities and their actual cyber-readiness. SMBs are viewed as easy targets by attackers, as they do not have the substantial cybersecurity resources dedicated to protecting larger enterprises,” said Kenneth Wong, Risk Assurance Cybersecurity & Privacy Asia Pacific, Mainland China and Hong Kong Leader.

The severity of these attacks is illustrated by significant monetary damage suffered by SMBs. Over 30% suffered damage between US$50,000 and US$250,000, while 9% sustained damage of more than US$1 million. The most vulnerable endpoints were identified as desk/laptop computers (44%) and web servers (44%).

On average, 44% of respondents across the eleven geographies surveyed report having suffered a data breach in the last 24 months. The fact that 57% have suffered attacks over the last 24 months, and 44% have sustained data breaches, suggests that cyber attackers enjoy a successful hit rate – even if the numbers are skewed by some SMBs taking multiple hits.

SMBs regard cybersecurity awareness and education among their staff as a high priority, and express a preference for tools that involve their employees in detecting threats and fending off attacks. 89% of SMBs agree to have staff involved immediately in order to raise alerts of suspicious online activity and help prevent further damages.

“The impact of COVID-19 creates significant short-term cybersecurity risks for SMBs, and yet we do suggest IT decision makers to take coping measures such as scaling up or down remote access with needs, implementing strong security and privacy principles, prioritising access for critical applications, etc,” said Mr Wong.


Notes to editors:

Survey Methodology

PwC surveyed 1,133 IT decision makers and business managers in SMBs across eleven territories in Asia Pacific during March 2020. They were Mainland China and Hong Kong SAR, Australia, Indonesia, Japan, Malaysia, New Zealand, Singapore, Taiwan, Thailand and Vietnam, each of which produced up to 100 respondents.

Of the respondents, 13% are business owners, 11% CIO/CTOs, 9% IT governance officers, 7% risk management heads, 6% compliance/internal audit heads, 4% data security officers, 4% chief security officers, 25% senior executives and 21% IT professionals.

Contact us

Paul Xu

Manager, PwC China

Tel: +[86] (20) 3819 2640

Follow us