SMBs Are Taking Cybersecurity More Seriously

Amongst a backdrop of mounting cybersecurity threats, small and medium-sized businesses (SMBs) have woken up to the risk that ransomware and malware pose for their organisation. Many are taking additional measures to protect themselves against attacks, according to a new survey by Datto, a Kaseya company.

In its annual State of Ransomware Report, nearly 3,000 IT professionals in SMBs across eight countries weighed in on the steps they are taking to protect themselves, from investing in more security products to utilising multiple security frameworks.

The key finding is that SMBs globally are actively investing in cyber protection. While on average, a fifth of the IT budget is dedicated to security, around 4 in 10 businesses (42%) are seeing their security budget increase and allocating additional resources.

The majority have implemented basic defences - anti-virus and email protection - and are now expanding their security strategy to other areas.

For example, nearly half (47%) of SMBs plan to invest in network security in the next 12 months, and 45% percent are looking to add cloud security. Further down the shopping list are security solutions for collaboration tools, endpoint security and Business Continuity and Disaster Recovery (BCDR).

While installing the right tools is important, SMBs also increasingly understand the need to proactively monitor their security posture. Nearly two thirds (62%) run vulnerability assessments at least twice a year, with more than a third (37%) scheduling them three or more times a year.

The CIS framework is the most used cybersecurity framework, with 34% of respondents utilising it. This is followed by CMMC (30%), COBIT (27%), and NIST (22%).

Investment In Cyber Insurance

Cyber insurance is a key consideration for SMBs as it can offset the repercussions of breaches. However, in the face of stricter regulations and growing threat volumes, cyber insurance is becoming harder to obtain, with some insurers stipulating that businesses need to have certain security controls in place in order to qualify. 

In the survey, over two thirds (69%) of respondents said they have cyber insurance in place, and 34% of those without insurance are likely to get it within a year. Fear of being hit by ransomware seems to be one of the drivers, as 42% of SMBs with cyber insurance believe it’s extremely likely that a ransomware attack will happen to them. Seven in 10 respondents admitted that a successful attack would seriously impact their organisation, with some saying it could be a fatal blow.

Overall, the survey found that organisations with cyber insurance tend to be more actively engaged in cybersecurity. They have more IT support, more frameworks (CSFs) and more security solutions. They’re also more likely to have experienced a security incident in the past.

Across the board, nearly a third of all respondents encountered computer viruses in the past year and 21% reported COVID-19 related scams or threats. As the main reason behind these security issues, 37% of SMBs cited phishing emails, followed by malicious websites and weak password and access management. However, around 42% feel they have had security issues due to lack of training and 24% said it was down to poor user practices and gullibility – indicating that there is room for improvement when it comes to building out their defence layers.

Lack Of Preparedness Is The Weak Spot

Despite the heightened awareness and increased investment in cyber protection, there is another area that could let SMBs down: planning for the worst-case scenario. Only 3 in 10 businesses have a best-in-class recovery plan in place. Around half (52%) rely on a standard plan and 16% admitted there is no formal recovery plan, leaving them wide open to complete data loss and major business interruption. Perhaps this explains why nearly half of respondents (47%) say their companies would find recovery from a cyberattack difficult – and 16% fear that their business would not recover at all.

In fact, downtime is an expensive problem that nearly half of survey respondents have encountered in the past year.

In 2022, the average cost of downtime was 126,000 USD, including lost revenue. An eyewatering figure, but many SMBs still don’t have the tools to minimise downtime, such as a unified BCDR solution, a managed security operations centre (SOC) or an incident response strategy.

Just under half (49%) of surveyed SMBs relied on manual backups to recover data during an incident, and one fifth were forced to reinstall and reconfigure all systems from scratch. With slow and cumbersome recovery processes, around 45% of businesses endured more than two days of downtime before their systems were back up and running.

It is clear that many SMBs will need additional help planning for, and dealing with, security incidents. The cybersecurity talent shortage is a contributing factor, as is lack of expertise.

A growing number outsource the job: Almost half (47%) of the IT professionals surveyed said their organisation relies on a managed service provider (MSP) or a managed security service provider (MSSP). With increasingly complex cyber threats, this percentage is likely to grow.

Chris Mckie is VP, Product Marketing Security & Networking Solutions at Datto

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Human Error Is A Hacker's Dream
Creating Order Out Of WAF Management Chaos »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Global Knowledge Training

Global Knowledge Training

Global Knowledge is a worldwide leader in IT and business training, featuring Cisco, Microsoft, VMware, IBM, security, cloud computing, and project management.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

Infigo IS

Infigo IS

INFIGO IS specializes in information security consulting services. Our employees are leading information security experts in Croatia.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Mosaic Insurance

Mosaic Insurance

Mosaic is a next-generation global specialty insurer distinguished by an exceptional team, agile technology, and a structure that combines Lloyd’s of London strength with a global distribution network

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

VulnCheck

VulnCheck

VulnCheck helps organizations outpace adversaries with vulnerability intelligence that predicts avenues of attack with speed and accuracy.

G-71

G-71

G-71 LeaksID is a cutting-edge ITM technology aimed at safeguarding sensitive documents from insider threats.

Total Secure Technology

Total Secure Technology

Total Secure Technology provides trusted Managed IT Security and Managed IT Services for organizations looking to increase their cybersecurity defensive posture.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

AccessIT Group

AccessIT Group

AccessIT Group is a specialized cybersecurity solutions provider offering a full range of advanced security services.

Chorus

Chorus

Chorus are a leading Managed Security Service Provider (MSSP), and member of the Microsoft Intelligent Security Association (MISA), with three Microsoft Advanced Specialisations in security.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.