New Research Highlights Importance of Cybersecurity in Small, Medium Businesses

Cybersecurity is an important investment for all businesses and organizations, regardless of size. As someone at a small or mid-size business, you may think that small businesses are less-tempting targets for cybercriminals — but the opposite is actually true. For example, Barracuda reports that companies with fewer than 100 employees are 350% more likely to suffer social engineering attacks than their enterprise counterparts.

Devolutions released its third consecutive State of Cybersecurity in SMBs 2022-2023 report. This year’s latest research, which was released Oct. 11, highlights that 60% of small and mid-size businesses experienced one or more cyberattacks over the last year: One in four (42%) indicate that they’ve faced upwards of five attacks in the last year Almost one-fifth (18%) experienced five or more attacks within the same period We’ve picked the five most relevant data points from Devolutions’ SMB research that we think will be of interest to our readers.

Top Takeaway: SMBs Rank Ransomware as Their Biggest Cybersecurity Threat
81% of Devolutions’ survey respondents view ransomware as their businesses’ biggest security threat. This is followed by phishing (69%) and other types of malware (38%). In some aspects, it’s no surprise because ransomware is a major threat because it often results in the encryption or destruction of victims’ data (even when the victims pay the demanded ransom). In some cases, ransomware attacks are multi-pronged because attackers also attack victims’ data backups to cause additional damage or demand a second ransom payment.

Takeaway #2: Nearly One-Third of Businesses Earmark <5% of IT Budget to Security
A disturbing statistic from Devolution’s report that really stuck out to me is that 32% of small and mid-size businesses dedicate less than one-twentieth (1/20) of their IT budget to IT security. Now, consider that Connectwise reports that 69% of their survey respondents admit they’re concerned one bad cyber attack could permanently force them to close their doors. Knowing this concern and being aware that nearly one-third of organizations dedicate only 5% of their overall IT budgets to security sends the message that companies aren’t putting in much of an effort to prevent such an attack from happening.

Takeaway #3: By and Large, Organizations Want to Increase Their IT Budget Spending
Now, let’s see what organizations are doing in terms of increasing or decreasing their IT security budgets. 49% report that they’re spending more this year on IT security than they did last year. Awesome. But this stat is tempered when you consider that 51% indicate that their budgets either decreased (6%) or remained unchanged (45%) from the previous year.

Takeaway #4: Organizations Are Starting to See the Light Regarding Password Security
Passwords are the keys to the kingdoms of most small and mid-size organizations. These are the secrets that provide access to user accounts and give access to everything from banking and finance accounts to employees’ personal records data. Comparitech, citing LastPass data, shows that small business employees are the biggest offenders when it comes to demonstrating poor password security: “Those working for companies with 1-25 staff reuse passwords an average of 14 times.”

Takeaway #5: 56% of SMBs Are Content to Maintain IT Security Staffing Status Quo
Our final data point from the Devolutions report focuses more on the employees themselves: 38% of the survey respondents indicated that their organizations brought new employees on board since the start of the global COVID-19 pandemic (i.e., early 2020) to address IT security needs and concerns. Another 6% say they’re working with external service providers to achieve the same. The remaining 56% of respondents indicate that they’ve not hired any new cyber or IT security-related employees since early 2020.