Small and medium-sized businesses (SMBs) understand the need to invest in technology to support growth across their hybrid work environment, but many fail to prioritize security, according to a new study from Check Point Software Technologies Ltd.
Check Point’s SMB cybersecurity market survey, conducted by research firm Analysys Mason, uncovered how SMBs are emerging from the pandemic, and how their business and technology needs are changing, according to a prepared statement.
The survey reflects that a majority of organizations including SMBs have embraced cloud, mobile, and SaaS technologies in recent years, Check Point said. Now, compared with pre-pandemic levels, there has been an increase in IT spending to drive business growth. While SMBs have increased their investment in communication technologies and services to support remote workers, the attack surface has expanded thereby increasing the risk of cyberattacks.
SMBs Leave Themselves Vulnerable to Attacks
With the increase in supply chain attacks across the industry, cyber criminals are increasingly using more vulnerable SMBs as an entry point into larger enterprises, Check Point reports. Consequently, this approach wreaks havoc on both the SMBs and all the enterprises with whom they interact.
Given the global cybersecurity skills shortage, SMBs are struggling to properly secure their critical assets, making them a growing target for cybercriminals, Check Point asserts. Meanwhile, larger enterprises usually have bigger IT budgets and security resources, so they can recover more easily from a cyberattack.
The survey found that two of the biggest impacts that cyberattacks have on SMBs include lost revenue (28%) and the loss of customer trust (16%).
Eyal Manor, vice president of Product Management at Check Point, offered perspective on the survey results:
“It is reassuring that SMBs have increased their investment in cybersecurity to support business growth and the new hybrid work model but having the correct mix of security products is only part of an effective strategy. Because there is a shortage of cybersecurity workers for SMBs, they require security solutions that deliver proven threat prevention, are extremely simple to deploy and manage, and offer the flexibility of an ‘all-in-one’ solution that combines security and internet connectivity.”
A Closer Look the Survey Results
Check Point’s survey of 1,150 small and medium-sized businesses across the U.S., Germany, U.K. and Singapore, revealed:
- SMBs struggle with a lack of expertise and require additional support. Only 22% of respondents felt they were extremely well protected against cyberattacks, and only a minority have internal security specialists or are working with a third party. This means that a large number of SMBs either have no security products in place or these products are managed by non-specialist staff. While there is a significant rise in the number of SMBs working with MSPs to help address IT issues, about one third of respondents said they would like additional help from their MSP in upgrading security.
- Cybersecurity as an investment. The SMBs surveyed recognized the disastrous effects of a cyberattack on their company but seemed to agree that they had inadequate security budgets. Security vendor solutions priced beyond their budgets was identified as a key challenge to having effective cybersecurity capabilities.
- SMBs are adapting to the “new normal” but mobile security is lacking. SMBs are expecting 40% of their employees to continue working remotely for at least some of the time. The highest priority in all countries was to ensure that IT can be managed and supported remotely, validated by additional laptop purchases and increased VPN capacity. However, the survey also shows that the take up rate of even basic security products is low. The most adopted service, endpoint protection, is only used by 67% of respondents and less than half have any form of mobile security.
Manor advised SMBs should also be looking for a consolidated and unified security suite that achieves a high level of protection across their network, endpoints, mobile and email:
“SMB security providers should use a prevention-first approach and one that cuts down TCO (total cost of ownership), by reducing the need to manage additional staff or security expertise. SMBs should also consider leveraging third party managed service providers to gain access to experienced cybersecurity professionals at an affordable cost. Third party advisors can provide expert advice on the best security solution for each SMB along with training and ongoing support.”