SMBs Are Taking Cybersecurity More Seriously

Amongst a backdrop of mounting cybersecurity threats, small and medium-sized businesses (SMBs) have woken up to the risk that ransomware and malware pose for their organisation. Many are taking additional measures to protect themselves against attacks, according to a new survey by Datto, a Kaseya company.

In its annual State of Ransomware Report, nearly 3,000 IT professionals in SMBs across eight countries weighed in on the steps they are taking to protect themselves, from investing in more security products to utilising multiple security frameworks.

The key finding is that SMBs globally are actively investing in cyber protection. While on average, a fifth of the IT budget is dedicated to security, around 4 in 10 businesses (42%) are seeing their security budget increase and allocating additional resources.

The majority have implemented basic defences - anti-virus and email protection - and are now expanding their security strategy to other areas.

For example, nearly half (47%) of SMBs plan to invest in network security in the next 12 months, and 45% percent are looking to add cloud security. Further down the shopping list are security solutions for collaboration tools, endpoint security and Business Continuity and Disaster Recovery (BCDR).

While installing the right tools is important, SMBs also increasingly understand the need to proactively monitor their security posture. Nearly two thirds (62%) run vulnerability assessments at least twice a year, with more than a third (37%) scheduling them three or more times a year.

The CIS framework is the most used cybersecurity framework, with 34% of respondents utilising it. This is followed by CMMC (30%), COBIT (27%), and NIST (22%).

Investment In Cyber Insurance

Cyber insurance is a key consideration for SMBs as it can offset the repercussions of breaches. However, in the face of stricter regulations and growing threat volumes, cyber insurance is becoming harder to obtain, with some insurers stipulating that businesses need to have certain security controls in place in order to qualify. 

In the survey, over two thirds (69%) of respondents said they have cyber insurance in place, and 34% of those without insurance are likely to get it within a year. Fear of being hit by ransomware seems to be one of the drivers, as 42% of SMBs with cyber insurance believe it’s extremely likely that a ransomware attack will happen to them. Seven in 10 respondents admitted that a successful attack would seriously impact their organisation, with some saying it could be a fatal blow.

Overall, the survey found that organisations with cyber insurance tend to be more actively engaged in cybersecurity. They have more IT support, more frameworks (CSFs) and more security solutions. They’re also more likely to have experienced a security incident in the past.

Across the board, nearly a third of all respondents encountered computer viruses in the past year and 21% reported COVID-19 related scams or threats. As the main reason behind these security issues, 37% of SMBs cited phishing emails, followed by malicious websites and weak password and access management. However, around 42% feel they have had security issues due to lack of training and 24% said it was down to poor user practices and gullibility – indicating that there is room for improvement when it comes to building out their defence layers.

Lack Of Preparedness Is The Weak Spot

Despite the heightened awareness and increased investment in cyber protection, there is another area that could let SMBs down: planning for the worst-case scenario. Only 3 in 10 businesses have a best-in-class recovery plan in place. Around half (52%) rely on a standard plan and 16% admitted there is no formal recovery plan, leaving them wide open to complete data loss and major business interruption. Perhaps this explains why nearly half of respondents (47%) say their companies would find recovery from a cyberattack difficult – and 16% fear that their business would not recover at all.

In fact, downtime is an expensive problem that nearly half of survey respondents have encountered in the past year.

In 2022, the average cost of downtime was 126,000 USD, including lost revenue. An eyewatering figure, but many SMBs still don’t have the tools to minimise downtime, such as a unified BCDR solution, a managed security operations centre (SOC) or an incident response strategy.

Just under half (49%) of surveyed SMBs relied on manual backups to recover data during an incident, and one fifth were forced to reinstall and reconfigure all systems from scratch. With slow and cumbersome recovery processes, around 45% of businesses endured more than two days of downtime before their systems were back up and running.

It is clear that many SMBs will need additional help planning for, and dealing with, security incidents. The cybersecurity talent shortage is a contributing factor, as is lack of expertise.

A growing number outsource the job: Almost half (47%) of the IT professionals surveyed said their organisation relies on a managed service provider (MSP) or a managed security service provider (MSSP). With increasingly complex cyber threats, this percentage is likely to grow.

Chris Mckie is VP, Product Marketing Security & Networking Solutions at Datto

You Might Also Read: 

Cyber Security Tools For Your Small Business:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Human Error Is A Hacker's Dream
Creating Order Out Of WAF Management Chaos »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Cybint Solutions

Cybint Solutions

Cybint provides customized cyber education and training solutions for Higher Education, Companies and Government.

Myra Security

Myra Security

The fully automated Myra DDoS Protection reliably protects web applications, websites, DNS servers, and IT infrastructures.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Eperi

Eperi

Eperi is a leading provider of Cloud Data Protection (CDP) solutions with 15 years of experience in data encryption for databases, (SaaS) applications and files.

Open Cloud Factory

Open Cloud Factory

Open Cloud Factory is a European based security company, that strives to ease the pressure on IT managers, by providing tools to implement your Security Strategy in an effective and easy manner.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

360° Online Brand Protection

360° Online Brand Protection

360° Online Brand Protection have developed a response to monitor counterfeiting and piracy activity at the online point of sale.

CySecK

CySecK

CySecK is a Centre of Excellence in Cybersecurity formed in 2017 by the Government of Karnataka, as part of the Technology Innovation Strategy.

Evo Security

Evo Security

Evo Security is an Identity and Access Management company focused exclusively on serving MSPs, MSSPs and their SMB and Mid-Market customers.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Assetnote

Assetnote

The Assetnote platform enables organizations to effectively map and continuously monitor their external attack surface.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.