Techaisle’s worldwide survey of N=5505 SMBs covering 1-999 employee size segment reveals that 34% of small businesses (1-99 employees size segment) experienced one or more cyberattacks in the last one year. The percent jumps to over 50% when mobility security attacks and internal malicious thefts are included. Technology is to businesses in the 21st century what roads and assembly lines were in the 20th: the platform on which all processes are based, on which all business is conducted. But with the limitless potential of IT/business infrastructure comes a vast and growing set of threats. Small businesses cannot simply rely on regulators or the ‘rules of the road’ (from telcos or hyperscale cloud providers) for protection – they need to take action to safeguard their customers, their staff, their devices and their confidential corporate information.
Large enterprises have the means to hire SWAT teams of infosec professionals. But what can and should smaller businesses do, to grasp the potential of technology without opening themselves up to cyber threats? Survey data shows that only 3% of small businesses have full-time internal dedicated IT security staff. Let that data point sink in. Regardless of the relatively tiny presence of security staff, as compared to 87% within midmarket firms and 100% in enterprise segment, 55% of small businesses are currently handling their security needs internally and if the projected plans are followed-through then it will increase by another 25%. However, small businesses are not naïve. 61% are also outsourcing either all or some of their security needs to MSPs and other channel partners and plan to increase their outsourcing commitment by 41%. For 37% of small businesses, insufficient IT budget is a major constraint towards seeking outside expert advice, deployment and security management. Although 55% of small businesses are confident about recovering from a cybersecurity incident, 32% are quick to admit that they need external services to define an overall security strategy, help select right-fit security technology/products and assist in determining the risks faced by the organization.
The next question is - what worries small business executives?
To answer the question, we need to understand small business cloud adoption. One of the technologies that has become most important to the efficiency, growth and competitiveness strategies of small businesses is cloud computing. Adoption of cloud is widespread in small businesses and in the small business world, concern about cloud security is nearly as ubiquitous as cloud itself. 40% of small businesses surveyed worry that continued accelerated use of cloud puts them at high risk and 27% believe that increase in mobility usage makes them susceptible to security threats. These two threat vectors sync well with their experiences in cyberattacks and mobile security breaches (mentioned at the top of the article). Slightly over half of small businesses surveyed are worried about hijacking of user accounts in public clouds, a percentage that has gone up from 36% in 2018 to 45% in 2019 and recent survey pegs it at 52%. Phishing is a top a of mind issue for 41% of small business which is followed by 39% who believe that vulnerabilities in public cloud may put impact their customers’, employees’ and partners’ trust and reputation. A review of cloud security threats and mitigation options available to small businesses illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context.
Granted that that there are too many security suppliers but vendor choice is not the issue that is holding back the small businesses from safeguarding their organizations from cybersecurity threats. Complexity is. Cloud and other advanced solutions increase complexity, and for small businesses complexity results in increased uncertainty and risk, including IT security risk. The data above points to a seemingly-endless variety of threat sources and substantial risk to customer relationships, company reputation and financial viability – as well as the potential for legal and regulatory exposure. It is no wonder that small businesses feel overwhelmed by the challenges of security across their business operations, and especially, in the cloud. However, while the issues are real, there are actions that small businesses can take – and are taking – to unlock cloud’s benefits by managing risk. Techaisle’s SMB & Midmarket security adoption research shows that businesses are protecting information, corporate systems and users by encrypting data and networks. They are deploying intrusion detection and prevention solutions and access control technologies to guard against intruders. They are using internal data boundaries and setting (and enforcing) security policies to develop management responses to issues before they represent threats to customers or business viability.
SMBs, as a whole segment (as opposed to small businesses – the focus of this article), aren’t simply relying on ‘security through obscurity’ – hoping that attackers will overlook them and choose a different target. SMBs are taking action to safeguard their increasingly IT-dependent businesses against cloud and other digital threats. Every day, SMBs are investing in the technologies and skills needed to move forward in the digital economy.
Many security reports end up positioning IT security as something akin to insurance – a ‘necessary evil’ that demands investment as a means of managing risk associated with a worst-case scenario.
Techaisle’s research reports have a different objective. It is clear from the data that technology matters to the achievement of highest-priority business objectives. Key solutions – such as cloud – provides capabilities that SMBs need to boost competitiveness in current economy. And security isn’t a ‘worst case’ for advanced solutions. SMBs that are able to align attention to security with differentiating technologies can capture opportunity more rapidly than competitors. Effective management of security technologies and processes allows SMBs to move ahead rapidly with solutions like cloud that contribute to efficiency and growth.
And small businesses are doing just that – aligning their attention to security. A follow-up Techaisle global survey on the impact of pandemic on IT investments shows that 61% of small businesses are increasing investments in security solutions as compared to 22% who are either decreasing or delaying their investments.
Detailed reports are available for individual purchase or are delivered as a component of Techaisle’s annual subscription service.
2020 US SMB & Midmarket Security Adoption Trends
2020 Europe SMB & Midmarket Security Adoption Trends