Good news for cybercriminals: More than half of executives at SMBs say they would pay malicious hackers in order to recover their stolen data, and that number jumps to 74 percent among larger SMBs that employ 150-250 people.

That’s according to the second quarterly Cyberthreat Index for Business Survey. Conducted in partnership with the University of West Florida and AppRiver, a Zix company, it surveyed more than 1,000 U.S. decision-makers in April and also found that:

Geoff Bibby, Zix’s vice president of marketing, tells us his company sees consistent patterns of challenges for MSSPs from the survey.

AppRiver’s Geoff Bibby

“First, SMBs still have perception biases and skepticism as it relates to cloud-based data storage,” he said. “The good news is that four in five SMB respondents say they use cloud; however, only half of them … are confident cloud-based storage is both secure and convenient. Forty-four percent of all respondents – we surveyed 1,035 SMB leaders and IT decision makers nationwide across a multitude of top verticals – are not convinced the cloud is secure.”

Smaller SMBs tend to underestimate their real cyberthreat risks compared to medium-size businesses, Bibby said.

“Smaller SMBs tend to believe cybercriminals will not target them, and they consistently underestimated their real threat risks,” he said. “They are less likely to value cybersecurity resources and outside partners for threat prevention, because for lack of a better word, they appear unrealistic about the real threats they face.”

Cybercriminals often have the upper hand when SMBs do not arm themselves sufficiently for potential cyberthreats, Bibby said.

“When you see this, you know the secure management and storage of business data is vital to the survival of SMBs,” he said.

Financial services and insurance, health care and pharmaceutical, and government SMBs appear to be the sectors that take secure data storage most seriously, with 67%, 63% and 62%, respectively, saying their business data is on their secured network and nowhere else, according to the survey.

SMBs are lacking awareness of how prevalent cyberattacks are, Bibby said.

“Particularly among smaller SMBs, they assume they could be spared because they are small, which is not the case,” he said. “They are also lacking in the right mindset. Cybersecurity is often an afterthought for SMBs: Start the business, get funding, get customers, grow, then maybe at some point later we can worry about cybersecurity (when we are big enough for anyone to care about hacking us). That is not the right mindset. Cybersecurity needs to be considered from the ground up, during business inception, instead of retrofitted. It is a matter of shift in awareness, in mindset, and in preparedness education and investment in resources.”

“The [survey] provides deep insights into the attitudes and concerns of decision-makers at SMBs,” said Dr. Eman El-Sheikh, director of the University of West Florida Center for Cybersecurity. “This is the lifeblood of the American business community, as census data show that firms with fewer than 100 workers represent 98.2 percent of all businesses. The high willingness to pay ransom demonstrates the importance of business data to these organizations; however, the growing apathy of threat fatigue could prove to be dangerous. The time is now to institute cyber readiness training, tools and policies.”

Also this week, AppRiver announced its next-generation solution in business email encryption now is available to its partners. The new email encryption capabilities provide intelligent full-content scanning of a sender’s email subject, message body and attachments.

“AppRiver’s 4,500-strong reseller network – and the tens of thousands of businesses they work with – will now have access to the same encryption technology that protects many of the nation’s largest financial and healthcare institutions,” said Dave Wagner, Zix’s CEO.