Majority of SMBs Lack Dedicated Cyber Experts, Incident Response Plan
Nearly half of small and mid-size businesses (SMBs) in North America lack a cyberattack response plan, according to a new report from Huntress.
That puts smaller organizations, many of which already lack adequate resources to fend off an attack, at a “severe disadvantage” to quickly and effectively assess the damage and fight off security incidents when they occur, said Huntress, a managed security platform provider for SMBs.
Huntress Study Detailed
Huntress’ study, which spans 256 security professionals in decision-making roles at SMBs located in the U.S. and Canada of between 250 to 2,000 employees, yielded the following findings:
- 49% of mid-sized businesses plan to budget more for cyber security in 2023.
- 24% of mid-sized businesses have suffered a cyberattack or are unsure if they have suffered an attack in the last 12 months.
- 61% of mid-sized businesses do not have dedicated cybersecurity experts in their organization.
- 47% of mid-sized businesses do not currently have an incident response plan.
- 27% of mid-sized businesses reported having no cyber insurance coverage.
Commenting on the report, Kyle Hanslovan, Huntress chief executive officer, said:
“In some regards, this research tells a virtual ‘Tale of Two Cities’ for mid-size and smaller businesses. Many report solid progress in strengthening their cyber defenses, while others acknowledge they face significant gaps in resources and talent that substantially increases their cyber risk.”
Where SMBs Fall Short
The research showed a large percentage of the respondents weren’t deploying threat monitoring, endpoint detection and response, vulnerability scanning, patch management or network detection and response, Huntress said. Security defenders have repeatedly emphasized the importance of all of those cyber defense maneuvers, particularly regular patch management.
Mid-sized businesses also struggled to implement basic training measures and recruit the necessary staff. Slightly more than six in 10 (61%) of respondents do not have dedicated cybersecurity experts in their organization and only 9% of workers adhere to security best practices.
In addition, many mid-sized organizations are feeling the pinch of their security gaps when looking to acquire cyber insurance, Huntress said. The research findings showed that while 69% of respondents reported they are required to carry some form of cyber insurance, nearly 30% reported having no coverage, highlighting the immediate need to shore up cyber hygiene in order to lock in protection.