Malaysia: 84% of SMEs fell victim to cyber-attacks in 2018

The survey stated that 67% of local SMEs incorrectly believed that large corporations were more at risk of cyber-attacks than small businesses. However, smaller companies face a larger degree of exposure to cyber risks owing to their size and resources, as well as the lack of capital to invest in cyber risk management tools.

Malaysian SMEs were faster to respond to cyber incidents than other markets surveyed, with 67% resuming operations within 12 hours of a cyber-incident. Two-thirds (66%) indicated that everyone involved knew the proper protocol and crisis response went as planned.

The survey also noted that 48% of cyber incidents were due to human or administration error with customer records being the most commonly breached data, with 40% of businesses experiencing a breach of customer files in 2018. It is important to note that upon recovering files from the data breach, 16% of SMEs took no action to deter cyber incidents from recurring.

Other types of cyber incidents that were common among SMEs were disruption to computer network that was experienced by 44% businesses and 35% were affected by ransomware attack and phishing compromise whereby employees clicked on a malicious email link.

With human error being the most common type of cyber incident, the study stated that 37% of local SME leaders said their employees’ poor understanding of potential cyber threats is challenging their ability to protect their business from associated risks.

Adding to that, 20% of SMEs believed that their employees were the weakest link in their cyber defence and 41% believed that employees neglect their responsibilities around data protection.

The report was based on a survey of 1,400 respondents from 400 SMEs in Malaysia, Australia (400), Hong Kong (300), and Singapore (300). The respondents comprised 82% board-level executives and 18% senior managers or directors below board level from SMEs with between two and 249 employees.