Only 37 per cent of SMBs think they can manage IT security

A new report, “Are Organisations Completely Ready to Stop Cyberattacks?,” (PDF) reveals small to medium sized businesses (SMBs) lack the resources they need to protect themselves against malware attacks. Commissioned by Webroot and in partnership with Wakefield Research, the study indicates just 37 per cent of IT decision makers surveyed in the US, the UK, and Australia believe their organisations are completely ready to manage IT security and protect against threats.

According to the survey, IT employees at nearly 1 in 3 companies (32 per cent) juggle security along with their other IT responsibilities. This leaves employees stretched thin and unable to devote the necessary time to many critical cybersecurity tasks. Instead of taking a more proactive approach, these companies are often left on the defensive.

The vast majority of SMBs do not have security budgets remotely comparable to those of large (and previously breached) enterprises, such as J.P. Morgan, Target, and Anthem. In fact, according to the study, nearly 60 per cent of respondents think their business is more prone to cyberattacks because they have too few resources for maintaining their defences.

Almost half (48 per cent) think their company is vulnerable to insider threats, such as employees. Following that, 45 per cent believe they are unprepared for unsecured internal and external networks, such as public WiFi, and 40 per cent for unsecured endpoints, such as computers and mobile devices. All of the conduits cited should be cause for concern; within the past few years, hackers have exploited them to execute a number of high profile breaches.

The survey respondents’ lack of confidence may be due to a reliance on outdated, traditional antivirus tools, many of which depend on large threat signatures downloads and system-intensive scans. Statistically, the US, UK, and Australia only differed by a few percentage points overall, when it came to the pain points being examined. Still, there were a few notable differences:

  • Just 50 per cent of respondents in the US feel they don’t have time to stay abreast of the latest cybersecurity threats, as compared to 61 per cent in Australia and 55 per cent in the UK
  • Respondents in the US and UK expressed more confidence in their endpoint protection capabilities (63 per cent) than Australian respondents (55 per cent)
  • When it comes to money lost due to a potential cyberattack in 2016 (due to compromised customer records or critical business data), US SMBs feel the most pain. In the US, respondents estimated their businesses would lose an average of $522,602; in the UK, £215,910 (about $326,000); and in Australia, AUD 433,010 (about $341,000)

Overall, 81 per cent of respondents plan to increase their annual IT security budget for 2016, by an average of 22 per cent. Respondents are also very open to other strategies for improvement, with an overwhelming 81 per cent also in agreement that outsourcing IT solutions (including cybersecurity endeavours) would increase their bandwidth to address other areas of their business.

Achieving a stronger security posture through outsourced cybersecurity should first involve due diligence in identifying a managed service provider (MSP) that delivers solutions that meet the necessary criteria, the report suggests. The most promising MSPs are those who offer platforms that leverage cloud-based security architecture, thereby allowing SMBs to implement protection without investing in new infrastructure or being burdened by upfront deployment and management costs.