SMB's security spending is not keeping up with threats
A survey of over 1,200 cybersecurity decision-makers from small and medium-sized businesses in Europe and North America shows 74 percent believe that they are more vulnerable to cyberattacks than enterprises.
The study from ESET also reveals that 70 percent of businesses surveyed admit that their investment in cybersecurity hasn't kept pace with recent changes to their operational models such as hybrid working.
The top three challenges identified by North American SMBs are an inability to keep up with the latest cybersecurity threats (54 percent), keeping up with the latest cybersecurity approaches and technologies (50 percent), and budget limitations/lack of investment in cybersecurity (49 percent).
In the light of this it's no real surprise that 51 percent of the respondents in North America describe themselves as being not at all confident or only slightly confident in their cybersecurity resilience over the upcoming 12 months. The top factors impacting the risk of a cyberattack in the next year, in their view, are a lack of employee cybersecurity awareness, continued hybrid or home working, and migrating services to the cloud.
"Earlier this month, it was reported that financial institutions witnessed over $1 billion in potential ransomware-related payments in 2021 -- more than double the amount from 2020 and the most ever reported – and yet our research shows that SMBs are not investing enough in cybersecurity solutions, services or employee awareness," says Ryan Grant, vice president of sales for ESET North America. "Many are not following basic cybersecurity best practices, such as using multifactor authentication, updating software regularly and conducting regular cybersecurity audits. This is why ESET continues to invest in, and make available, foundational cybersecurity awareness resources, the latest threat data and intelligence and a comprehensive suite of security solutions to protect companies."
There are interesting geographical variations, 74 percent of US respondents compared to 56 percent of Canadian respondents say they have experienced or acted on strong indications of a data security incident or breach in the last 12 months. 43 percent of US respondents note they had more than one incident in the same time period with only 28 percent of Canadian respondents saying the same.
"What the data suggests is that Canadian businesses are experiencing fewer data breaches which could be due to the power of good privacy legislation that includes the requirement for cybersecurity," says Tony Anscombe, chief security evangelist for ESET. "The data provides a clear indication of a disconnect between the cyber threat faced by small and medium sized businesses and the investment they are making in cybersecurity. With the current efforts by enterprises, critical infrastructure and governments to improve their cybersecurity, cybercriminals are likely to shift their efforts to lower-tier targets in order to monetize their activities -- making it essential for SMBs to improve their cybersecurity posture."
You can find out more on the ESET site.