“State of IT Security for SMBs” Report Points to Adequate IT Security as Fundamental to Ensuring Business Survival
Today, software developer Devolutions announced results from its third annual survey, which looked at the state of IT security for companies that identify as SMBs. The results from the survey are packaged in a new report titled, “The State of IT Security for SMBs in 2022-2023.”
Cyberattacks and other threats are not limited to large organizations. In fact, SMBs are frequently targeted due to their often vulnerable IT security defenses, particularly related to remote workers. Given the severe – and potentially catastrophic – consequences of even a single data breach, it might seem safe to assume that all SMBs are implementing what are now considered fundamental, basic IT security measures. However, the new Devolutions report revealed otherwise – with only 18% of SMBs checking all the requisite IT security boxes – and 13% not implementing any essential IT security measures at all. Commented Devolutions CEO David Hervieux, “For SMBs, paying attention to IT security is not just a technology issue – it is fundamental to ensuring business survival.”
The report contains key findings and trends as well as recommendations for SMBs moving forward, including a closer look at measures that will help them institute safeguards in an increasingly dangerous threat landscape. The following are some notable takeaways from the survey data and resulting report.
Remote Workforce Challenges
75% of SMBs surveyed are allowing some or all employees to work hybrid, placing a heavier burden on security due to the expanded size of the attack surface. This calls for businesses to be proactive in addressing vulnerabilities to ensure that remote work is safe and compliant. Respondents were asked to share their most challenging issues with a remote workforce. The majority of responses related to four types of challenges: security, efficiency, governance and cost.
Cybersecurity Still a Significant Issue
The survey found that 67% of respondents are more concerned about IT security now compared to a year ago. Top concerns include ransomware (81%), phishing (69%) and malware (38%). It also revealed that 60% of SMBs have experienced at least one cyberattack over the last year and 18% have experienced six or more. Yet 44% of respondents indicated that they do not have a comprehensive and updated cybersecurity incident response plan in place.
PAM – The Keys to the Kingdom
Frequently referred to as “the keys to the kingdom,” Privileged Access Management (PAM) is a critical component of a comprehensive IT security program because it governs access to highly valuable, confidential and proprietary information that is often targeted by hackers and rogue users. Companies that prioritize PAM as part of their overall IT security program benefit in several ways, including a reduction in security risk and overall size of the attack surface, lowered operational costs and complexity, increased visibility and situational awareness, and improved regulatory compliance.
While 98% of respondents said they are managing access to privileged accounts, only 12% indicated they had a fully deployed PAM solution in place. Added Hervieux, “We’ve had countless SMBs tell us that deploying a full PAM solution is too expensive or complicated and what they have is ‘good enough’ – but it’s just not the case. In the report’s recommendations, we discuss what PAM features and functions are appropriate for SMBs as well as best practices for governing privileged accounts and credentials. It doesn’t have to break the bank to be effective.”
Budgets Trending Upward
A positive development in this year’s report? Budgets. It’s widely recommended that SMBs allocate between 6-15% of their organization’s IT budget to IT security. The survey found that 68% of SMBs fall in that recommended 6-15% budget range. This is significantly higher than what was reported in last year’s survey, which found that just 32% of SMBs were allocating 6-15% of their overall IT budget to IT security. The survey also revealed that 46% of SMBs plan on increasing their IT security spending in the next 12 months, while 48% plan on spending about the same on IT security over the next year. This means that SMBs are taking the threats against them seriously and planning accordingly.
Role of MSPs
The widespread IT security skills shortage is increasing. In fact, according to data compiled by Cybersecurity Ventures, there will be an estimated 3.5 million IT security jobs unfilled worldwide by 2025 – up from one million in 2014. And while remote work is enabling SMBs to find experienced professionals outside of their local geographic labor market, the price for these individuals is surging. The bottom line for many businesses is that partnering with an MSP is an affordable way to maintain a strong and compliant IT security profile. And in turn, many MSPs that have traditionally focused on serving large organizations are realizing that SMBs are an untapped and rewarding market.
For more information about Devolutions and their solutions, please visit devolutions.net. To download a copy of the “The State of IT Security for SMBs in 2022-2023, visit this link and to access an infographic that details stats and key findings from the report, visit this link.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!