A new report, “Are Organizations Completely Ready to Stop Cyberattacks?,” reveals small to medium sized businesses (SMBs) lack the resources they need to protect themselves against malware attacks. Commissioned by Webroot, the market leader in intelligent cybersecurity for endpoints and collective threat intelligence, and in partnership with Wakefield Research, the study indicates just 37% of IT decision makers surveyed in the US, the UK, and Australia believe their organizations are completely ready to manage IT security and protect against threats. Although the current SMB cybersecurity picture may seem bleak, the survey also points to some promising developments.
Jacks of All Trades, Masters of None
At the majority of small to medium businesses, IT teams are expected to handle all cybersecurity management and concerns. According to the survey, IT employees at nearly 1 in 3 companies (32%) juggle security along with their other IT responsibilities. This leaves employees stretched thin and unable to devote the necessary time to many critical cybersecurity tasks. Instead of taking a more proactive approach, these companies are often left on the defensive—not an optimal scenario in today’s world of zero-day attacks, phishing scams, social engineering attempts, and malicious websites.
Lack of Resources
Defending a company from cyberattacks is inherently challenging, and made even more so by budgetary constraints. The vast majority of SMBs do not have security budgets remotely comparable to those of large (and previously breached) enterprises, such as J.P. Morgan, Target, and Anthem. In fact, according to the study, nearly 60% of respondents think their business is more prone to cyberattacks because they have too few resources for maintaining their defenses.
Underprepared and Vulnerable
IT decision makers can point to specific areas in which they feel underprepared. According to the survey, almost half (48%) think their company is vulnerable to insider threats, such as employees. Following that, 45% believe they are unprepared for unsecured internal and external networks, such as public WiFi, and 40% for unsecured endpoints, such as computers and mobile devices. All of the conduits cited should be cause for concern; within the past few years, hackers have exploited them to execute a number of high profile breaches. The survey respondents’ lack of confidence may be due to a reliance on outdated, traditional antivirus tools, many of which depend on large threat signatures downloads and system-intensive scans.
Statistically, the US, UK, and Australia only differed by a few percentage points overall, when it came to the pain points being examined. However, a closer look revealed some interesting gaps. For example:
- Just 50% of respondents in the US feel they don’t have time to stay abreast of the latest cybersecurity threats, as compared to 61% in Australia and 55% in the UK
- Respondents in the US and UK expressed more confidence in their endpoint protection capabilities (63%) than Australian respondents (55%)
- When it comes to money lost due to a potential cyberattack in 2016 (due to compromised customer records or critical business data), US SMBs feel the most pain. In the US, respondents estimated their businesses would lose an average of $522,602; in the UK, £215,910 (about $326,000); and in Australia, AUD 433,010 (about $341,000)
What can SMBs do?
Overall, 81% of respondents plan to increase their annual IT security budget for 2016, by an average of 22%. Respondents are also very open to other strategies for improvement, with an overwhelming 81% also in agreement that outsourcing IT solutions (including cybersecurity endeavors) would increase their bandwidth to address other areas of their business.
Achieving a stronger security posture through outsourced cybersecurity should first involve due diligence in identifying a managed service provider (MSP) that delivers solutions that meet the necessary criteria. The most promising MSPs are those who offer platforms that leverage cloud-based security architecture, thereby allowing SMBs to implement protection without investing in new infrastructure or being burdened by upfront deployment and management costs.
"SMBs play a pivotal role in helping drive the economies of all the countries polled, but past experiences have taught them they face an uphill battle when it comes to cybersecurity," said George Anderson, director of product marketing at Webroot. "This perception must change. A viable alternative to the ‘go at it alone’ standard is an outsourced approach in combination with Smarter Cybersecurity™ solutions that are easy to install and manage remotely, and provide real-time protection against modern threats."
For a copy of the report, which includes a more detailed analysis of the survey findings, visit http://www.webroot.com/SMBThreatReport.
The Webroot SMB Cybersecurity Survey was conducted by Wakefield Research among 300 IT decision-makers in the U.K., 200 IT decision-makers in the U.S., and 200 IT decision-makers in Australia from SMBs between October 28th and November 12th, 2015, using an email invitation and an online survey.
Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results.