Research: Most North American SMBs Outsource Cybersecurity Management to Third Parties
Roughly six in 10 small to medium-sized businesses (SMBs) in the U.S. outsource their cybersecurity management to third parties, such as managed security service providers (MSSPs), said ESET, an antivirus/antimalware provider, in its newly released 2022 SMB Digital Security Sentiment Report.
The report, which surveyed some 1,200 cybersecurity decision makers from SMBs in North America and Europe, gleaned data from interviews conducted in 12 countries. One-quarter of the total respondents were based in North America.
Examining the Data
In North America, 37% of SMBs look for security providers that understand small businesses and 35% seek vendors who offer a unified single view across multiple tools and attack vectors. Some 30% look for customer service-conscious outsource providers.
According to the data, 74% of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than are enterprises. Some 70% of businesses surveyed acknowledged that their investment in cybersecurity has not kept pace with recent changes to their operational models such as hybrid working.
In the last 12 months, nearly three in four U.S. respondents and more than half of Canadian respondents have experienced or acted on strong indications of a data security incident or breach. About 43% of U.S. respondents have been hit by more than one incident in the same time period as compared to 28% of Canadian respondents.
Commenting on the report, Tony Anscombe, chief security evangelist for ESET, said:
“What the data suggests is that Canadian businesses are experiencing fewer data breaches, which could be due to good privacy legislation that includes the requirement for cybersecurity. The data provides a clear indication of a disconnect between the cyber threat faced by SMBs and the investment they are making in cybersecurity.”
Challenges, Concerns and More
The top three cybersecurity challenges North American SMBs face:
- An inability to keep up with the latest cybersecurity threats (54%)
- Keeping up with the latest cybersecurity approaches and technologies (50%)
- Budget limitations/lack of investment in cybersecurity (49%)
Slightly more than half (51%) of the respondents in North America describe themselves as being not at all confident/slightly confident in their cybersecurity resilience over the upcoming 12 months.
On SMBs and Microsoft Remote Desktop Protocol (RDP) security concerns:
- Even though 75% of North American respondents view Remote Desktop Protocol (RDP) as a top factor impacting the risk of cyberattacks in the next 12 months, 77% will continue to use it.
- Almost 50% (49%) of respondents are not protecting logins with multi-factor authentication (MFA) and only 52% keep remote access tools up to date.
On security audits.
- Under 50% (49%) of companies surveyed in the U.S. have conducted a cybersecurity risk audit in the last 12 months versus 60% of Canadian SMBs.
- 7% of U.S. and 18% of Canada respondents have never conducted an audit.
- Of those who had conducted an audit in the last two years, 53% used an external IT security company or MSP, 34% conducted the audit themselves and 13% used a combination of the two.
On SMB adoption of EDR, XDR and MDR:
- 27% of SMBs in North America say that they currently use EDR, XDR or MDR solutions. For those not deploying these advanced solutions in North America:
- 25% said it’s because they don’t know enough about EDR, XDR or MDR.
- 31% plan to use in the next twelve months.
- 13% would consider using it in the next two years.
- 4% are not considering these solutions yet.
In late September, ESET launched new cloud and extended detection and response solutions for managed service providers.