Three out of four (74 percent) small and medium-sized businesses (SMBs) in India suffered a cyber incident in the past year, resulting in 85 percent losing customer information to malicious actors, in addition to a tangible impact on business, a new study by Cisco revealed on Monday.

According to the study, titled ‘Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defense’, more than half (62 percent) of SMBs in India that suffered cyber incidents in the past 12 months said that cyber-attacks cost their business more than Rs 3.5 crore. Of these, 13 percent say that the cost was over Rs 7 crore.

“As they digitise, SMBs are embracing the fact that any transformation, especially one that allows them to meet customers where they are and build trust, must begin with cybersecurity,” Panish P.K., Managing Director – Small Business, Cisco India and SAARC, said in a statement.

The study is based on an independent, double-blinded survey of over 3,700 business and IT leaders with cybersecurity responsibilities across 14 markets across the Asia Pacific region.

The survey highlighted that SMBs saw several ways in which attackers tried to infiltrate their systems. In India, malware attacks, which affected 92 percent of SMBs, topped the charts, followed by phishing (76 percent). 38 percent of those that suffered incidents said that the number one cause was not having cybersecurity solutions.

Meanwhile, 36 percent ranked cybersecurity solutions as not being adequate to detect or prevent the attack as the number one reason.

Besides the loss of customer data, SMBs that suffered a cyber incident also lost internal emails (73 percent), employee data (71 percent), intellectual property (74 percent), and financial information (75 percent). In addition, 73 percent of those said it disrupted their operations, 76 percent admitted it negatively impacted their reputation, and more than half (70 percent) said it resulted in a loss of customer trust.

However, SMBs are rising to the challenge. The study highlights that they are taking strategic measures like carrying out simulation exercises to improve their cybersecurity posture.