Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

SMBs Eye Managed Security Solutions: Survey

Webroot commissioned Wakefield Research to query 600 SMB IT decision makers in the US, UK and Australia to discover current attitudes towards IT security among companies with less than 500 employees. Such companies are often thought to be more at risk of successful cyber-attacks because of smaller budgets, fewer IT staff, and fewer infosecurity products designed for the smaller company.

Webroot commissioned Wakefield Research to query 600 SMB IT decision makers in the US, UK and Australia to discover current attitudes towards IT security among companies with less than 500 employees. Such companies are often thought to be more at risk of successful cyber-attacks because of smaller budgets, fewer IT staff, and fewer infosecurity products designed for the smaller company.

The results of the survey (PDF) show the curious mixture of reality and wishful-thinking that often affects perception of infosecurity. For example, only 31% of US SMBs consider ransomware to be a major threat in 2017 — despite 49% being concerned about ‘new forms of malware’. In the UK, ransomware is considerd a bigger threat at 50%, with 59% worrying about new forms of malware. This is despite previous Webroot research (PDF) showing that over 60% of companies have already been affected by ransomware; while most analysts believe the threat is still increasing. 

Self-confidence is high. First, 72% of SMBs globally believe that they are at least “almost completely ready to manage IT security and protect against threats”; second, 89% of SMBs around the world believe they have staff who could successfully address and/or eliminate a cyber-attack; and thirdly, 87% are confident in their staff cyber security education.

“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya,” comments Adam Nash, Webroot’s EMEA regional manager. “This combined with the false sense of security when it comes to businesses’ ability to manage external threats is worrying.”

Nash believes that SMBs “can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry.” It’s not as if they do not understand the costs. Asked about the estimated total cost of a cyberattack “where customer records or critical business data were lost”, US respondents replied with an average cost of $579,099.

This was the lowest figure. In the UK, it rises to $974,250; and to a colossal $1,509,938 in Australia.

Outsourcing security is often seen as a solution to the budgetary and staffing problems of SMBs. “Enlisting the help and expertise of a Managed Security Services Provider,” comments Nash, “is one way to implement a secure, layered approach to combat external threats.” But it is not yet the norm, with only 13% of SMBs currently outsourcing. The rest use a mix of in-house and outsourced IT security support (37%), or fully in-house security (50%).

This is likely to change. Eighty percent of the respondents expect to use a third-party cyber security provider to manage security in 2017.

Despite an overt appearance of confidence in their own abilities, there seems to be an increasing acceptance of the value of outsourcing. Ninety percent of the respondents believe that outsourcing their IT solutions in the future would improve their security and enable them to address other areas of the business.

The net result highlighted by this survey is that there is a huge opportunity for MSSPs to tap into an awakening but yet unfulfilled demand in the SMB market.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.