Resilient SMBs have processes that enable them to quickly bounce back from any situation in which their data is compromised. But most SMBs are not resilient. A recent global survey by Arcserve revealed that only 23% of small and midsize organisations have mature data resilience strategies with associated goals they can use to track progress.

Australian SMBs are not immune to the growing threat of cyberattacks and threat actors are not selective based on industry or company size.

The emotional roller coaster of data protection

The “seven stages of grief” refers to the psychological process individuals typically go through when experiencing profound loss or bereavement, including shock, denial, anger, bargaining, and depression.

Applying the “seven stages of grief” to SMBs dealing with data protection issues looks something like this:

Shock and Denial

This is when the SMB first becomes aware of the potential risks to their data. They might be shocked to learn about the extent of the potential damage and the various threats. There might also be some denial, as they may initially find it hard to believe such threats could impact their business.

Pain and Guilt

As SMBs begin to understand the gravity of the situation, they may feel pain over potential losses or damage to their business. They may also feel guilt, particularly if they have not taken data protection seriously in the past, which might have exposed their business to unnecessary risk.

Anger and Bargaining

The SMB might feel anger towards the circumstances that have led to the data threats, such as cybercriminals or their past negligence. They may also start bargaining or looking for quick fixes to protect their data, which could lead to ineffective strategies.


The realisation of the effort and resources required to protect their data effectively may lead to feelings of depression. The SMB may feel overwhelmed by the complexities of data protection and the potential impact of data loss on their business.

Upward Turn

As SMBs start to take concrete steps to improve their data resilience, things start to look up. They may begin to see that, although the process is complex, it is manageable and within their capabilities. The first step, for instance, is determining the critical operating systems. There are those that, if compromised, will cause a minor disruption. Then some will halt the entire business, perhaps ending it entirely. The SMB can start by determining where their critical data is stored and which systems are needed for their business to function effectively.

Reconstruction and Working Through

During this stage, the SMB is actively working on its data protection strategies. They are implementing new measures, improving their systems, training their staff, and generally doing the work needed to improve data resilience. For instance, the SMB can beef up its backup and recovery processes by storing data copies in separate locations to mitigate data loss from events like a cyberattack. They can also implement immutable data storage, which safeguards information by taking snapshots every 90 seconds. So even if ransomware does sneak through and data is overwritten, the information will still be easily recoverable to a recent point in time.

Acceptance and Hope

Finally, the SMB accepts the importance of data resilience and the effort required to achieve it. When the proper controls and alerts are in place, the SMB is in a much better position to prevent unauthorised access and remedy unexpected incidents. They also have hope for the future, knowing they are better prepared to handle data threats and recover from potential data loss. 

The value of a service provider

Due to a lack of resources, many SMBs focus almost entirely on their day-to-day operations. For many, that’s a necessity. It is why it makes sense for SMBs to collaborate with a specialised service provider with expertise in data backup, cybersecurity, and data resilience. 

Partnering with a service provider that knows best practices and works with best-in-class vendors will complement your SMB’s IT knowledge and ensure a solid and effective data resilience plan. This proactive approach is crucial, as you may not even know all regulations you must follow. Engaging a service provider ensures that you’ll be informed and compliant. SMBs can cost-effectively access the practices and expertise needed, letting you focus on your core operations and growth while entrusting resilience and recovery strategies to a knowledgeable professional.

Considering the stakes involved, allocating a budget to data resiliency is crucial, even if it’s a modest amount. Service providers, specialised vendors and solutions enable SMBs to start small, establish a solid resilience plan and scale as their business grows.