More than one in three SMB organizations are engaging managed security services providers (MSSPs) to support their organizations’ IT security functions, a new report by security provider Keeper revealed.
On average, 32 percent of an SMB’s IT security operations are supported by MSSPs, a three point rise from last year’s study, according to Keeper’s report, entitled the 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses. The third such edition draws on the input of some 2,200 respondents in SMB outfits globally. A closer drill down reveals some specifics of how SMBs deploy MSSPs:
- 70 percent engage MSSPs to monitor or manage firewalls or intrusion prevention systems.
- 39 percent of SMBs deploy MSSPs to monitor or manage multifunction firewalls, up from 28 percent in 2017.
- Fewer respondents said they use MSSPs to monitor or manage intrusion detection systems security gateways for messaging or Web traffic.
Here are some additional findings:
- Two in three of the respondents said that their organization had experienced a costly cyberattack in the past 12 months.
- According to the survey results, those companies spent an average of $1.2 million, up from $1.03 million in 2017, to repair damage or recover from theft of IT assets and infrastructure. Disruption to normal operations cost an average of $1.9 million, an increase from $1.21 million in 2017.
- The time it takes SMBs to respond to a cyberattack has increased or not improved. Only 26 percent of respondents said their organizations have been able to decrease the time it takes to respond to a cyberattack.
- Since 2017, SMBs report that cyber threats are more targeted, an increase from 60 percent to 69 percent of respondents in 2019. Most respondents said cyberattacks against their companies are severe and sophisticated (61 percent and 60 percent, respectively) and has not changed since 2017.
- Mobile devices and laptops are considered, by far, the most vulnerable endpoint or entry point to respondents’ companies’ networks and enterprise systems. Since 2017, respondents who believe laptops are vulnerable increased from 43 percent of respondents to 56 percent of respondents.
- SMBs continue to struggle with insufficient personnel and money. Most SMBs lack the personnel to mitigate cyber risks, vulnerabilities and attacks (77 percent of respondents). Insufficient budget resources and (55 percent of respondents) and no understanding of how to protect against cyberattacks (45 percent of respondents) are also contributing factors.
- 65 percent of respondents said their budget is inadequate or unsure and 42 percent of respondents say they have an appropriate level of in-house expertise. Only an average 13 percent of the IT budget is dedicated to IT security activities and an average of 37 percent of the IT personnel support IT security operations.