SMBs Are Taking Cybersecurity More Seriously

Amongst a backdrop of mounting cybersecurity threats, small and medium-sized businesses (SMBs) have woken up to the risk that ransomware and malware pose for their organisation. Many are taking additional measures to protect themselves against attacks, according to a new survey by Datto, a Kaseya company.

In its annual State of Ransomware Report, nearly 3,000 IT professionals in SMBs across eight countries weighed in on the steps they are taking to protect themselves, from investing in more security products to utilising multiple security frameworks.

The key finding is that SMBs globally are actively investing in cyber protection. While on average, a fifth of the IT budget is dedicated to security, around 4 in 10 businesses (42%) are seeing their security budget increase and allocating additional resources.

The majority have implemented basic defences - anti-virus and email protection - and are now expanding their security strategy to other areas.

For example, nearly half (47%) of SMBs plan to invest in network security in the next 12 months, and 45% percent are looking to add cloud security. Further down the shopping list are security solutions for collaboration tools, endpoint security and Business Continuity and Disaster Recovery (BCDR).

While installing the right tools is important, SMBs also increasingly understand the need to proactively monitor their security posture. Nearly two thirds (62%) run vulnerability assessments at least twice a year, with more than a third (37%) scheduling them three or more times a year.

The CIS framework is the most used cybersecurity framework, with 34% of respondents utilising it. This is followed by CMMC (30%), COBIT (27%), and NIST (22%).

Investment In Cyber Insurance

Cyber insurance is a key consideration for SMBs as it can offset the repercussions of breaches. However, in the face of stricter regulations and growing threat volumes, cyber insurance is becoming harder to obtain, with some insurers stipulating that businesses need to have certain security controls in place in order to qualify. 

In the survey, over two thirds (69%) of respondents said they have cyber insurance in place, and 34% of those without insurance are likely to get it within a year. Fear of being hit by ransomware seems to be one of the drivers, as 42% of SMBs with cyber insurance believe it’s extremely likely that a ransomware attack will happen to them. Seven in 10 respondents admitted that a successful attack would seriously impact their organisation, with some saying it could be a fatal blow.

Overall, the survey found that organisations with cyber insurance tend to be more actively engaged in cybersecurity. They have more IT support, more frameworks (CSFs) and more security solutions. They’re also more likely to have experienced a security incident in the past.

Across the board, nearly a third of all respondents encountered computer viruses in the past year and 21% reported COVID-19 related scams or threats. As the main reason behind these security issues, 37% of SMBs cited phishing emails, followed by malicious websites and weak password and access management. However, around 42% feel they have had security issues due to lack of training and 24% said it was down to poor user practices and gullibility – indicating that there is room for improvement when it comes to building out their defence layers.

Lack Of Preparedness Is The Weak Spot

Despite the heightened awareness and increased investment in cyber protection, there is another area that could let SMBs down: planning for the worst-case scenario. Only 3 in 10 businesses have a best-in-class recovery plan in place. Around half (52%) rely on a standard plan and 16% admitted there is no formal recovery plan, leaving them wide open to complete data loss and major business interruption. Perhaps this explains why nearly half of respondents (47%) say their companies would find recovery from a cyberattack difficult – and 16% fear that their business would not recover at all.

In fact, downtime is an expensive problem that nearly half of survey respondents have encountered in the past year.

In 2022, the average cost of downtime was 126,000 USD, including lost revenue. An eyewatering figure, but many SMBs still don’t have the tools to minimise downtime, such as a unified BCDR solution, a managed security operations centre (SOC) or an incident response strategy.

Just under half (49%) of surveyed SMBs relied on manual backups to recover data during an incident, and one fifth were forced to reinstall and reconfigure all systems from scratch. With slow and cumbersome recovery processes, around 45% of businesses endured more than two days of downtime before their systems were back up and running.

It is clear that many SMBs will need additional help planning for, and dealing with, security incidents. The cybersecurity talent shortage is a contributing factor, as is lack of expertise.

A growing number outsource the job: Almost half (47%) of the IT professionals surveyed said their organisation relies on a managed service provider (MSP) or a managed security service provider (MSSP). With increasingly complex cyber threats, this percentage is likely to grow.

Chris Mckie is VP, Product Marketing Security & Networking Solutions at Datto

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Human Error Is A Hacker's Dream
Creating Order Out Of WAF Management Chaos »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SecurityMetrics

SecurityMetrics

SecurityMetrics is leader in data security, PCI, and HIPAA compliance solutions

Federal Office For Information Security (BSI)

Federal Office For Information Security (BSI)

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

Tutamantic

Tutamantic

Tutamantic develops software that reduces security risks and weaknesses during the architectural and design stages.

Carbide

Carbide

Carbide (formerly Securicy) breaks down enterprise-class security and privacy requirements and makes them accessible to, and achievable by, companies of all sizes.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Nexon Asia Pacific

Nexon Asia Pacific

Nexon solutions include cloud infrastructure and services, unified communications, managed security services, business continuity, secured high-performance network and business applications.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Terra Quantum

Terra Quantum

Terra Quantum is a deep tech pioneer, developing revolutionary quantum applications to shape the technology of the future.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

CyXcel

CyXcel

CyXcel is a cyber security consulting business grounded in the law which natively fuses crises, legal, technical, and consulting expertise digital networks, information and operational technology.

Cork

Cork

Cork is a purpose-built cyber warranty company for managed service providers (MSPs) serving small businesses (SMBs) and the software solutions they manage.