SMBs Finally Investing More in Cybersecurity

A survey of 700 IT and business decision-makers found the bulk of small-to-medium businesses (SMBs) plan to increase investments in cybersecurity over the next 12 months, even though two-thirds of respondents admitted they lacked the in-house expertise needed to defend themselves.

Conducted by ConnectWise, a provider of a management platform for providers of IT services, the survey also found nearly three-quarters (73%) of report respondents conceding their organization has reached a cybersecurity tipping point that demands action, with 43% now identifying cybersecurity as being one of their top three priorities.

Well over two-thirds of respondents said they are concerned a serious cybersecurity attack could put them out of business. Less than a third (30%) have some form of cyberinsurance policy currently in place. Top areas of concern are remote devices or employees being breached (75%), customer data being breached (74%) and IT system downtime (73%), the survey found.

Only 40% considered their organization to be very well protected against customer data being breached, with 41% saying the same about IT system downtime. Only 22% said they are completely confident their organization’s cloud services are secure.

More than three-quarters of respondents (76%) said their organization has been impacted by at least one cybersecurity attack in 2021, with 31% citing board-level pressure as influencing the level of cybersecurity investments being made. Those investments are being made to reduce risk (46%) and help to increase customer trust levels (42%), the survey found.

The most common security tools and practices in place are firewalls or antivirus software (53%), compliance security policies (52%) and security awareness training and education (46%). However, only about half have implemented all three tools and best practices, the survey found.

Raffael Marty, general manager for cybersecurity at ConnectWise, said that pressure combined with a chronic shortage of cybersecurity expertise will push SMBs to rely more on IT service providers to manage cybersecurity. An MSP, after all, is still the most cost-effective way to ensure cybersecurity for SMB organizations that don’t have the same level of financial resources as a large enterprise, he noted.

A full 89% of respondents said they are already employing a managed service provider (MSP) for IT services. A total of 43% of respondents either rely on all or the majority of outsourced IT services, with more than half (51%) predicting this will be the case in five years as well.

However, 42% also noted they plan to change to a different one in the near future. A full 94% said they would consider using or moving to a new MSP if they offered the “right” cybersecurity solution. Well over a third (39%) said they would be willing to pay a new MSP extra each year if they were able to provide the right cybersecurity solution.

Key factors for evaluating MSPs include confidence in the MSP ability to respond to security incidents (54%), capability/certifications of MSP resources/technicians (47%), trust in the MSP ability to deliver against the offering (46%), confidence that the MSP could help to minimize damage/loss (44%) and brand name recognition of MSP offerings (37%).

A full 84% said they would consider taking legal action against their MSP in the event of a cybersecurity attack.

The challenge, of course, is that as cyberattacks continue to increase in volume and sophistication, the odds that there won’t be at least one significant breach in any given year are zero.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 766 posts and counting.See all posts by mike-vizard

Secure Coding Practices