SMB and midmarket businesses still think they're too small to be targeted by cybercriminals.

Edward Gately, Senior News Editor

May 24, 2023

7 Slides

There’s been an “astounding” increase in cyberattacks targeting the SMB and midmarket segments, and they need partners now more than ever to help them stay secure.

Morales-Ed_TD-Synnex.jpg

TD Synnex’s Ed Morales

That’s according to Ed Morales, TD Synnex’s global vice president of security and high-growth technologies business development. On Day 2 of TD Synnex Beyond Security 2023, he gave a keynote on the accelerating threat to SMB and midmarket businesses.

“The cost it takes these small firms to recover from a breach is $2.2 million,” he said. “And usually about 60% of these companies that get breached are going to be basically out of business in six months. And the scary thing is half of them don’t even know that they’re that exposed.”

A recent McKinsey report assessed the scope of the market in the SMB and midmarket space. It projected $1.5 trillion to $2 trillion in addressable market.

“So that means there’s obviously a large group of these customers out there that are not really doing anything and their security posture is low,” Morales said. “And what’s important really for the overall segment is if you can go back to some of the the classic [cyberattack] case studies, Danske Bank or Target, the way they were entered was through these smaller entities with whom they were partnered. So they got breached and, in turn, these larger entities got breached. So that’s how a lot of this is a much more broader concern. It’s not just a smaller market segment. It actually has an enterprise implication as well.”

SMB and Midmarket Organizations Not Concerned Enough

SMB and midmarket organizations think they’re not targets because “they think they’re too small,” Morales said.

“They’re a small entity, but they’re the prime targets because they’re the entry point,” he said. “Now, everything is so digitally connected. They’re the entry point to something else.”

The cybersecurity skills shortage also is playing a role in SMB and midmarket businesses coming up short when it comes to cybersecurity, Morales said.

“They can’t afford to have these sort of resources and on staff,” he said. “It takes a lot of time and effort to do risk assessments. So they don’t just don’t have the infrastructure to be able to support that. So that’s part of it.”

It may also be something as simple as turning on basic features like multifactor authentication (MFA), Morales said.

“With one of our larger hyperscalers, there’s been a large breach of their customer base based on them turning off MFA in their environments,” he said. “So there’s some rudimentary things that can take place, but it’s just they don’t believe they’re a target. And I think that’s the vulnerability. They just think it’s going to happen to somebody else.”

Scroll through out slideshow for more from Day 2 of TD Synnex Beyond Security.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like