CybergON analyzed the operations carried out daily in the company to investigate the characteristics of IT security in Italy. SMEs are among the main targets of cybercrime. According to the Clusit annual report, an average of one cyber attack is recorded every 4 hours every day. In 2022 alone, there were 191 attacks per month, compared to 171 the previous year.

More awareness

Elisa Ballerio, Marketing Director of CybergON

Companies are not yet aware of the importance of investing in information security. For this we want to show the results of the data collected in the current year. The goal that we have set ourselves with this research is, in fact, to create greater awareness and understanding of the state of the cybersecurity registered by us.

Difficult to leave

From the research conducted by the Elmec Informatica business unit dedicated to cybersecurity, it emerges that small companies have become an interesting target for cyber criminals. These, knowing that they find realities that are not always well structured, field fewer attacks sophisticated, but still successful. In this sense, it has been found that following the exploitation of vulnerabilities, the remediation times, i.e. recovery, are longer than in larger companies. And this leads, in many cases, to the total stop of production. In fact, according to the US National Cyber ​​Security Alliance, 60% of small businesses fail 6 months after an IT attack. And this is precisely because of the effect it suffers and the reduced ability to restart.

The main targets of cybercrime

On the contrary, large companies, which are generally more structured and more inclined to invest in IT security, have tools different to defend. The number of attacks against these realities is much higher than the small business. What changes is the ability to defend oneself and react. The remediation times encountered in the event of exploitation of vulnerabilities are in fact decidedly lower in large companies.

Defend yourself and react effectively

Finally, medium-sized businesses find themselves in an intermediate situation with still fewer attacks recorded than large enterprises. The ability to react in the event of a vulnerability being exploited is in line with large enterprise, as remediation times underline.

Cybercrime: be careful to underestimate the problem

No reality is now safe. For this reason, evaluating an IT defense implementation strategy is essential in order not to impact the company business and its operational continuity. Underestimating the topic today can lead to having to respond to much more substantial damages at a later time. Reason for having a SOC – Security Operation Center which has the task of identifying ongoing attacks and helping companies to elevate their level of security – is becoming an essential requirement for any company.

Why SMEs are targets for cyberattacks

Data collection was carried out on a sample of 88 parent companies clustered on the basis of company size, by number of employees. Furthermore, always in relation to the company size, the average number of devices connected to the company perimeter and the average amount of network traffic were taken into consideration to have a clearer idea of ​​the sample.