Understanding the evolving threat landscape is the biggest cybersecurity challenge facing SMBs, including non-for-profit organizations – and more than half are calling for help to manage the risks, according to Sage.
Globally, 48% of SMBs have experienced a cybersecurity incident in the past year, while 26% of US SMBs have experienced more than one type of cyber breach.
75% of US SMBs say cyber threats are a major concern and 59% expect to increase their investment in cybersecurity in the coming year.
Top cyber breaches impacting US SMBs include DDoS attacks (21%), data loss (20%), ransomware attacks (16%) and credential theft (15%).
SMBs face soaring cyber threats
With cyber threats reaching an all-time high since 2018, knowing what is important, where to start and overcoming cost barriers is critical for SMBs that want to bolster their cyber resilience.
SMBs in the US recognize this, and 60% are turning to cybersecurity companies and trusted tech partners (49%) to educate and support them. 51% also believe industry bodies should help improve cybersecurity preparedness by supporting with education and training.
“Small businesses are increasingly becoming prime targets for cyber-attacks; however, they are struggling to keep up with the new techniques employed by threat actors given their lack of resources and funding. These circumstances reinforce the paramount importance of partners and experts in educating and empowering individuals within organizations to recognize and mitigate threats to confidently defend themselves. Sage’s research highlights this pressing need, and our approach at the Vaillance Group aligns with this imperative. With the right support, SMBs can navigate the complex cyber landscape with confidence and resilience,” said Shawnee Delaney, CEO, Vaillance Group.
Safeguarding business beyond the office
The foundational aspects of cybersecurity – like system patching, backing up data, access controls, two-factor authentication, asset oversight, and security monitoring – can still require specialist skills and tools to implement and operate.
It’s notable that 46% of SMBs don’t employ firewalls, even though 84% claim familiarity with them. On a global scale, 42% neglect to backup critical data.
Intriguingly, UK SMBs (62%) are more diligent in this regard compared to their US counterparts (55%).
SMBs exhibit less confidence when confronted with security jargon. Concepts like end-to-end encryption, ransomware, Bring Your Own Device (BYOD), and endpoint detection are the least well understood among the SMB community.
In today’s landscape where remote and hybrid work models are now commonplace, SMBs recognise the need to safeguard business conducted outside the conventional workplace environment.
73% have implemented systems to facilitate secure work from home, and for 63%, these systems are distinct from their in-office security. However, in the absence of dedicated IT or cyber security experts, there are valid concerns regarding SMBs’ ability to tackle specific remote working cyber security risks.
Cultivating cybersecurity culture
Major enterprises have long understood that securing a business requires a robust cybersecurity culture to complement their technical controls. When executed well, adopting a people-centric cybersecurity strategy — where businesses empower and trust employees to consistently make the right security decisions — can actually offset the need for expensive or burdensome security controls.
However, for SMBs, there seems to be a disconnect between their perception of what a good security culture is and the actual practices within their organizations.
“Cybercrime and threat actors do not discriminate – they have the potential to greatly impact the largest enterprise or the smallest mom-and-pop shop. In today’s interconnected world, every business, regardless of its scale, relies heavily on a digital presence which can be the ‘open door’ for cyber criminals to steal data that not only impacts you and your business but your customers as well,” said Aaron Harris, CTO, Sage.
“SMBs that shore up their cyber defences can demonstrate resilience, earn and retain customer trust, and set themselves apart as trustworthy partners in an increasingly competitive landscape. Their actions to protect themselves and their customers today will inspire a new culture of cyber defensiveness among SMBs for years to come,” added Harris.