Webroot Global Report: 71% of Small- to Medium-Sized Businesses Are Not Prepared for Cybersecurity Risks in 2017

Malware, Mobile, and Phishing Attacks Top the List of Businesses’ Security Concerns

BROOMFIELD, Colo. - August 1, 2017

Webroot, the market leader in endpoint security, network security, and threat intelligence, shared the results of a new global report, “Cyber Threats to Small- and Medium-Sized Businesses in 2017.” The study reveals 96 percent of small- to medium-sized businesses with 100 to 499 employees in the U.S., U.K., and Australia believe their organizations will be susceptible to external cybersecurity threats in 2017. Although businesses recognize the growing threats, 71 percent still admit not being ready to address them.

Explore the Results: www.webroot.com/us/en/business/landing/2017-msp-smb-survey

Key Global Findings:

  • IT decision makers (ITDMs) at small- to medium-sized businesses are most worried about new forms of malware infections (56 percent), mobile attacks (48 percent), and phishing attacks (47 percent).
  • Nearly two-thirds of ITDMs believe it would be more difficult to restore their company’s public image than to restore employee trust and morale.
  • ITDMs estimate a cyberattack in which their customer records or critical business data were lost would cost an average of $579,099 in the U.S., £737,677 in the U.K., and AU$1,893,363 in Australia.
  • Addressing the growing threat, 94 percent of ITDMs plan to increase their annual IT security budget in 2017, compared to 2016.
  • Businesses currently manage IT security in various ways. One-fifth of businesses have in-house employees whose responsibilities include IT security. Thirty-seven percent use a mix of in-house and outsourced IT security support, while only 23 percent have a dedicated in-house IT security professional or team.
  • Ninety percent of ITDMs believe outsourcing IT solutions would protect their organizations against threats and increase their bandwidth to address other areas of their business.
  • The current cybersecurity landscape and lack of preparedness of small- to medium-sized businesses represent a big opportunity for managed security providers (MSPs). Among businesses who do not currently outsource IT security support, 80 percent will likely use a third-party cybersecurity provider in 2017.

Key Quote:

Charlie Tomeo, Vice President of Worldwide Business Sales, Webroot

“This study illustrates the general lack of preparedness for security around the globe. Small- to medium-sized businesses face just as many threats as larger ones, but are often at a disadvantage because of their lack of resources. Given the recent spate of ransomware attacks, it is crucial for these companies to shore up their security and lean on the expertise of an MSP for a solution to combat threats from multiple vectors.”

Advice for Small- to Medium-Sized Businesses:

  • CROSS THOSE Ts: Being prepared is crucial. Create a plan of action to respond to any type of breach that includes outside resources, like an MSP, who you can call for assistance.
  • EMPLOYEE EDUCATION: Workers may not know how to avoid phishing and other types of attacks. Investing in regular security training is a great way to prevent attacks.
  • DON’T FORGET MOBILE: Employees’ mobile devices are doorways into business networks, and can leave them vulnerable to unseen risks. Reliable mobile security is essential to protect from malicious applications.
  • SPEND WISELY: Look to allocate any additional budget you may have where risks are highest. If you’re unsure, ask a security expert or your MSP where your vulnerabilities lie.
  • UPDATE SOFTWARE: Keep business devices up-to-date with the latest software and security patches.
  • BEWARE OF RANSOMWARE:  The U.S. is consistently one of the most phished nations, and phishing can lead to ransomware. Create a layered defense by implementing strong backup and business continuity plans.

Additional Resources:

Report Methodology:

Commissioned by Webroot and issued in conjunction with Wakefield Research, the survey was conducted among 600 IT decision makers at small- to medium-sized businesses with 100 to 499 employees in three countries: U.S., U.K., and Australia, between May 10 and May 24, 2017.

About Webroot

Webroot delivers endpoint security and network security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world. Our award-winning SecureAnywhere® endpoint solutions, BrightCloud® Threat Intelligence Services, and FlowScape solution protect millions of devices across businesses, home users, and the Internet of Things. Webroot is trusted and integrated by market-leading companies, including Cisco, F5 Networks, Aruba, Palo Alto Networks, A10 Networks, and more.  Headquartered in Colorado, Webroot operates globally across North America, Europe, and Asia. Discover Smarter Cybersecurity solutions at www.webroot.com.


ウェブルートは Smarter Cybersecurityのソリューションプロバイダです。インテリジェントなエンドポイント保護および脅威インテリジェンス・サービスによって「モノのインターネット」(IoT=Internet of Things)のセキュリティを実現。クラウドベースで予測型の総合脅威インテリジェンス・プラットフォームを活用することによって、コンピュータ、タブレット、スマートフォン、そしてあらゆるデバイスをマルウェアや他のサイバー攻撃から保護しています。高い評価を受けているSecureAnywhereインテリジェント・エンドポイント保護とBrightCloud脅威インテリジェンス・サービスは、世界中で数千万台以上のエンドユーザ、企業、エンタープライズ機器を守っています。ウェブルートのテクノロジーは、業界トップリーダーであるCisco、F5 Networks、HP、Microsoft、Palo Alto Networks、RSA、Arubaなどのソリューションに採用され、高い信頼を得ています。本社を米国コロラド州に置き、北米、欧州、アジア環太平洋、日本でビジネス展開しています。Smarter Cybersecurityの詳細はウェブサイトhttps://www.webroot.com/jp/ja/ をご参照ください。