Nearly three-quarters of SMEs are not prepared for cyber security risks

News   •   Aug 09, 2017 09:00 BST

Nearly all (96%) of small to medium-sized enterprises (100 to 499 employees) in the US, UK, and Australia believe their organizations will be susceptible to external cyber security threats in 2017, according to a study by Webroot. Yet, although businesses recognise the growing threats, 71% still admit not being ready to address them.

Cyber Threats to Small and Medium-Sized Businesses in 2017 showed that IT decision makers (ITDMs) at small to medium-sized businesses are most worried about new forms of malware infections (56%), mobile attacks (48%), and phishing attacks (47%). ITDMs estimate a cyber attack in which their customer records or critical business data were lost would cost an average of $579,099 in the US, £737,677 in the UK, and AU$1,893,363 in Australia.

Nearly two-thirds of ITDMs believe it would be more difficult to restore their company’s public image than to restore employee trust and morale.

Addressing the growing threat, 94% of ITDMs plan to increase their annual IT security budget in 2017, compared to 2016.

Businesses currently manage IT security in various ways. One-fifth of businesses have in-house employees whose responsibilities include IT security. 37% use a mix of in-house and outsourced IT security support, while only 23% have a dedicated in-house IT security professional or team.

The current cyber security landscape and lack of preparedness of small- to medium-sized businesses represent a big opportunity for managed security providers (MSPs). Among businesses who do not currently outsource IT security support, 80% will likely use a third-party cyber security provider in 2017.

Charlie Tomeo, Vice President of Worldwide Business Sales at Webroot, commented; “This study illustrates the general lack of preparedness for security around the globe. Small to medium-sized businesses face just as many threats as larger ones, but are often at a disadvantage because of their lack of resources. Given the recent spate of ransomware attacks, it is crucial for these companies to shore up their security and lean on the expertise of an MSP for a solution to combat threats from multiple vectors.