Back in 2013, a Faronics/Ponemon study found that lack of budget and poor security capability skills were the primary causes behind the generally poor state of cybersecurity in small and medium-sized businesses (SMBs). Dmitry Shesterin, Faronics’ VP of product management stated at the time, “the main reason I see, genuinely and honestly, they do not care — they concentrate on business.”
Now let us fast-forward to 2019 and little has changed — except that SMBs now do care. A new survey from Untangle indicates that 80% of small businesses now rank IT security as a priority for their business (slightly up from last year’s finding of just less than 80%). However, the other problems still remains: low or none-existant security budget aggravated by minimal or no IT security staff.
Untangle queried 300 SMBs, with the most common staff level between 25 and 300 personnel, for its 2019 SMB IT security report. It found that 29% of these companies have an annual security budget of less than $1,000 per year. Really? You’re gambling the security of your business on $1,000 per year!
Fifty-two percent have no dedicated security professional on staff, and instead distribute the responsibility across multiple other roles, many of which probably don’t have any experience in how to properly handle IT security.
SMBs owners need to realize that they are heavily targeted by cybercriminals, both in themselves and as part of the supply chain for larger organizations. According to the Verizon 2019 Data Breach Incident Report (DBIR), 58% of SMBs experienced a cyber incident in 2018. On top of that, SMBs are less likely to have the resources to fully recover from a serious incident. Guess what that means? – You’re Out of Business
Although SMBs do not have IT security in the forefront, they are heavily reliant on IT technology not only to run their business but to be competitive in the market. Fifty-one percent have up to 100 devices connected to their network which include desktops, laptops, smartphones, tablets, and IoT devices – which all contain vulnerabilities.
With such low security budgets there is little room to improve security. SMBs are now considering outsourcing their IT security issues to a MSSP (Managed Security Services Provider) such as RG Technologies. Using an outside IT security provider can help improve business efficiency and increase security at a relatively low cost compared to the total overhead of hiring in-house IT security staff.