Small and medium-sized businesses (SMBs) are behind the cybersecurity curve. These small organizations, often hyper-focused on running their businesses, have long lacked the tools, expertise, staff and budget to make major cybersecurity investments.
But as malware becomes mainstream and advanced threats mount, the focus is shifting, putting MSPs in a perfect position to help these SMBs transform their cybersecurity architecture.
Arctic Wolf surveyed over 140 SMBs in North America and found that these businesses are changing their tune. They’re starting to look at security from a proactive lens, wanting to mitigate the myriad risks they are certain are just around the corner. Budgets are increasing, with a focus on preventing those threats from becoming breaches, and knowing that internal staffing is short, they are looking for outside allies in this battle.
Read the full report, “The State of SMB Security.”
Risk Is Driving Factor in SMBs’ Budget and Security Decisions
SMBs have malware on their mind. 64% of all respondents are most concerned about malware threats and attacks, and 40% of respondents believe they are very likely or extremely likely to experience a cybersecurity attack target in the next 12 months. That fear is founded, as 34% of organizations stated they experienced a malware attack in the past year, and 29% experienced a phishing or spear phishing incident.
This upward creep of cybercrime, conducted by hackers who know that SMBs are spending more time on business operations than security operations, has organizations re-thinking their security decisions.
As it stands, they are not confident in their security, with nearly 6 in 10 respondents having a moderate or low confidence level in their current cybersecurity posture. This, in turn, escalates those previously mentioned fears, which further lowers confidence.
To get out of this cycle, SMBs are putting their time, energy, and budget toward risk management. 67% list risk-based budgeting as their primary budgeting method, and only 32% listed their primary budgeting method as “ad hoc/following an attack or breach.” Over two-thirds of businesses would rather spend money now than pay ransom later.
One respondent said it best, stating, “We need more evolving security.” That evolution is MSPs’ strength, and they can help SMBs build an architecture that not only meets the security needs of today but mitigates the threats of tomorrow.
SMBs Are Increasing Budgets to Meet These Risks
As SMBs are re-evaluating what they want their cybersecurity environment to look like, they’re also moving money to make it happen.
62% of respondents say their organization’s cybersecurity budget or spending will increase in the next 12 months, and 46% of respondents say at least one-tenth of IT budgets/spending in the next 12 months will be allocated for cybersecurity.
SMBs aren’t letting the budget stop them from making big cybersecurity moves. However, these are still small organizations. MSPs must be clear about what they’re offering and help these businesses get comprehensive, efficient solutions that exceed their needs without breaking the bank. Even with increasing dollar amounts, this could still be a major decision the SMB has to make, so MSPs need to be a voice of expertise and support throughout the process.
On that note, 85% of respondents stated they are highly satisfied with the cybersecurity services they receive from their managed detection and response (MDR) service provider. MSPs should consider partnering with an MDR provider, as they not only have already shown value to SMBs but can provide hands-on-keyboards and 24×7 support.
As one respondent stated, “We’re a young inexperienced IT department,” so MSP plus MDR makes for a powerful partnership.
Explore our survey results in full with “The State of SMB Security.”