Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

SMBs Eye Managed Security Solutions: Survey

Webroot commissioned Wakefield Research to query 600 SMB IT decision makers in the US, UK and Australia to discover current attitudes towards IT security among companies with less than 500 employees. Such companies are often thought to be more at risk of successful cyber-attacks because of smaller budgets, fewer IT staff, and fewer infosecurity products designed for the smaller company.

Webroot commissioned Wakefield Research to query 600 SMB IT decision makers in the US, UK and Australia to discover current attitudes towards IT security among companies with less than 500 employees. Such companies are often thought to be more at risk of successful cyber-attacks because of smaller budgets, fewer IT staff, and fewer infosecurity products designed for the smaller company.

The results of the survey (PDF) show the curious mixture of reality and wishful-thinking that often affects perception of infosecurity. For example, only 31% of US SMBs consider ransomware to be a major threat in 2017 — despite 49% being concerned about ‘new forms of malware’. In the UK, ransomware is considerd a bigger threat at 50%, with 59% worrying about new forms of malware. This is despite previous Webroot research (PDF) showing that over 60% of companies have already been affected by ransomware; while most analysts believe the threat is still increasing. 

Self-confidence is high. First, 72% of SMBs globally believe that they are at least “almost completely ready to manage IT security and protect against threats”; second, 89% of SMBs around the world believe they have staff who could successfully address and/or eliminate a cyber-attack; and thirdly, 87% are confident in their staff cyber security education.

“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya,” comments Adam Nash, Webroot’s EMEA regional manager. “This combined with the false sense of security when it comes to businesses’ ability to manage external threats is worrying.”

Nash believes that SMBs “can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry.” It’s not as if they do not understand the costs. Asked about the estimated total cost of a cyberattack “where customer records or critical business data were lost”, US respondents replied with an average cost of $579,099.

This was the lowest figure. In the UK, it rises to $974,250; and to a colossal $1,509,938 in Australia.

Advertisement. Scroll to continue reading.

Outsourcing security is often seen as a solution to the budgetary and staffing problems of SMBs. “Enlisting the help and expertise of a Managed Security Services Provider,” comments Nash, “is one way to implement a secure, layered approach to combat external threats.” But it is not yet the norm, with only 13% of SMBs currently outsourcing. The rest use a mix of in-house and outsourced IT security support (37%), or fully in-house security (50%).

This is likely to change. Eighty percent of the respondents expect to use a third-party cyber security provider to manage security in 2017.

Despite an overt appearance of confidence in their own abilities, there seems to be an increasing acceptance of the value of outsourcing. Ninety percent of the respondents believe that outsourcing their IT solutions in the future would improve their security and enable them to address other areas of the business.

The net result highlighted by this survey is that there is a huge opportunity for MSSPs to tap into an awakening but yet unfulfilled demand in the SMB market.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.