SMEs get stuck in the denial phase. How do you address a customer "in denial"?

The typical statements of a customer 'in denial'

We've all heard them before: the beliefs about why a small(er) company doesn't need to concern itself with cybersecurity.

These types of companies are in all likelihood leaky as hell and thus are the easiest targets. The more they bury their heads in the sand, the easier it is for hackers.

A few examples:

  • We are of no interest to hackers anyway; what is there to collect from us now?
  • I find doing business complicated enough. Things I don't understand, I'd rather stay away from.
  • My website was built by an experienced party. So it must/will be safe.
  • We have only 10 employees. I know all of them personally. No way are they going to fall for a phishing email!
  • I don't have time at all to get into cybersecurity. I simply have other priorities.
  • Yes, we do sometimes use one license with different employees. And yes, we share the password. It's not that bad, is it?
  • We have no budget to secure ourselves properly. And it is totally unclear where you put your money when you do invest in security.
  • I have few secrets. We are also transparent in our operations.
  • What are the chances of one of my employees visiting a shady Web site?
  • Discussions about (online) privacy I often find overblown. People themselves smear their entire lives and deepest secrets all over the Internet. So why should I have to follow strict rules to protect their data?
  • We have an IT person on staff. He keeps track of all that. 

Compromised? It will cost you more than just your sleep.

Even companies that claim they are not engaged in digitization turn out, in almost all cases, to be using business-critical online applications to a greater or lesser extent. In other words, digital tools that run or support the processes that keep your day-to-day operations running smoothly. If there is a kink (or leak!) in the (virtual) cable somewhere, the business stops running, at least partially. And there, of course, is the business model of a hacker. They know how to find your weak spots and try to profit as much as possible from shutting down those processes. And the company manager is at a loss: can this still be rectified? And how?

Data recovery and related solutions may provide relief, but they are time-consuming, intensive and require specific expertise, and the outcome is uncertain.

Besides, the financial impact doesn't make you happy either:

  • Do you pay ransom to hackers?
  • The solutions and experts trying to save your lot don't do it for free.
  • What does it cost your company to be out of business? Just because your staff is technically unemployed doesn't mean you don't have to pay them. Meanwhile, your own production and sales are at a standstill. 
  • You can't provide service to your customers. Possibly that will not be appreciated and you will lose customers to the competition.
  • For prospects and all other stakeholders, you must also consider reputational damage. After all, who wants to buy from or work with a company that is leaky and thus (unknowingly) unreliable with data?


Are you, or do you know, someone 'in denial'? Here are some insights!

  • Digitization is everywhere

Any company that innovates and/or wants to be relevant in the future has to deal with digital transitions. So every company - large or small - is a potential target. Good cyber hygiene is therefore an essential part of your digital transition. 

  • Hacking is like 'a walk in the park'.

There are accessible "communities" where you can find free hacking tools, where tips are exchanged and where stolen data is auctioned off.  The Dark Web lends itself perfectly to facilitating such illegal practices. 

Even relatively amateur hackers manage to quickly penetrate corporate networks. Sometimes these hackers don't do much with it themselves, but sooner or later they can cleverly resell the data to more "professional" criminals.

  • Hacking is safe. 

That may be a strange statement, but a hacker always has job security and the risk of being punished is virtually zero. Hackers have more reasons to feel safe than their potential targets. 

Many cyber crimes go unreported and thus remain under the radar. For the abuses and crimes that do get reported, prosecutions usually fail. Identification of the criminals is complex and legislation usually lags behind. A lucrative business, then, this hacking.

  • Tolerance of cybercrime.

Some regimes turn a blind eye to cybercrime. Regimes in certain countries let hackers have their way as long as they only attack companies and governments that these regimes label as "hostile." These regimes and their hackers do not really take into account country borders and the (legal) provisions in other countries intended to promote cybersecurity. 

  • Some (smaller) companies are naive.

We have come a long way: cybersecurity is high on the agenda of many (large) companies. They are aware of the dangers and how dramatic it can turn out to be when things go wrong. But many also continue to voice the above beliefs. However, there are plenty of examples of companies that had to close their books as a result of a cyber attack.

A prime example of why we are fighting against this ignorance comes from the figures in recent reports* regarding phishing. Every day (!) 3.4 billion (!) malicious emails are sent and a new phishing website is created every 20 seconds (!). Surely it would be incredibly naive to think that these are directed at anyone but you and your business?

More alarming figures

In Europe, the number of victims of cyber attacks increased by 18% by 2022. Remarkably, 4.5 times more SMEs fall victim to cyber extortion than medium and large companies combined. Malware is a popular weapon to attack these companies. 

The impact is unfortunate: 60% of companies victimized by a cyberattack go out of business within six months.

Keeping it simple and secure?

Securing your employees, your infrastructure, your processes and your business is indeed complex. So leave the full security, and its complexity, in the hands of experts. Then you can carry on with your day-to-day operational activities without worry.

At AXS Guard, we prefer prevention to cure. Our solutions are therefore aimed at stopping cybercriminals before they can get to your valuable data and infrastructure. Yes, we can also do that tailored to SMEs.

Want to know more? Get in touch with us!

*IBM’s Cost of a Data Breach Report, Verizon’s 2023 DBIR (Data Breaches and Investigations Report) and DataProt.
