As a business leader, to learn your company is vulnerable to digital security threats is alarming news. But that is exactly what a study published on ITProPortal claims. 

A new report reveals that around 25% of all business enterprise devices — smartphones, tablets, laptops, bespoke hardware, IoT devices, etc. — have poor security configurations, meaning they are open to cyber breaches and data theft. 

The report results come after the increased demands for remote working following the COVID-19 pandemic, which has led to a rise in the use of enterprise devices to connect to work environments. 

Why Is This News So Concerning? 

Predictions suggest that by 2025, cybercrime could cost the global economy over $10 trillion, but even dropping down from a worldwide scale to individual attacks, the financial implications are massive.

The average cost of recovery from a cyberattack is just under $4 million. Very small businesses will likely see lower costs, but these still hit a minimum of around $200,000, according to CNBC. 

Many organisations cannot afford such disastrously high figures, with 60% of SMEs hit by a major security breach going bust within six months.

Despite the risks, many organisations do not spend enough on cybersecurity protection. The average allocation of budget for cybersecurity measures within the finance industry, for example, is just 10% of the total IT spend

Given that a cyber breach can destroy a business in a matter of months, it might seem surprising that business leaders are investing so little in much-needed protection.

Part of this comes from a mentality of believing that such an attack would not happen to them, which is, of course, untrue. Nearly 50% of cyberattack attempts are targeted at small businesses, as referenced in the earlier resource credited to CNBC. 

And these attacks can have a highly successful strike rate.

In Europe, we can see examples of massive cyberattack penetration across a range of countries. Up to 88% of UK businesses experience some form of cybersecurity breach annually, which is actually lower than Italy (90%), Germany (92%) and France (94%). In the UK specifically, where there are over 6 million registered businesses, this equates to a cyber breach every 16 seconds. 

While a high number of these breaches are insignificant and dealt with painlessly, more than half require investigations or result in serious consequences for the target business.

Back to the Point

With all these figures in mind, it becomes glaringly obvious that the risks posed by weak security configurations found on enterprise devices need to be dealt with and shut down immediately to prevent nightmare scenarios. 

With upwards of 90% of businesses being successfully hit by a cyber breach every year, everyone can and will be targeted at some point in the near future. And If there are major vulnerabilities for hackers to exploit, such as poorly configured enterprise devices, these breaches will be far from painless. 

Such scenarios have the potential to collapse businesses entirely, so this is not a case of learning and growing as we adapt to work-from-home lifestyles. Instead, a rapid and urgent response is required to avoid a potentially devastating slew of cybersecurity breaches. 

Closing Down Vulnerabilities 

The problem with having vulnerabilities across 25% of your enterprise devices is that they provide hackers with an easy way to access your business data. Devices like staff laptops connect to your network, your applications and your data centres, which — if compromised — allows cybercriminals to see what your employees see.

We don’t need to tell you what kind of havoc that could wreak on your business.

The answer is simple. 

Businesses must increase their investment in protecting these devices from cyberattacks. Just as on-site hardware can be protected, so too can off-site enterprise devices be locked down when given the proper care and attention.

As mentioned, the average proportion of IT budget assigned to cybersecurity is very low in the grand scheme of things — around 10% — although this varies by industry. This may not be enough to cover the costs of protecting a wider bubble of business devices now employees are working remotely.

Step one, then, is to increase cybersecurity spend. This enables step two — for IT teams to invest enough time and energy into identifying enterprise device risk and putting in place measures to secure them. 

At this stage, it’s important to note that, given the urgency of this problem, businesses may not have the IT team capacity or experience to make the necessary changes at the speed currently required due to the risks involved. Fortunately, there are solutions offered by third-party enterprises, including managed cybersecurity services, that allow SMEs to obtain one-off or ongoing support to deal with this new and serious threat.