Only 37% of SMBs think they’re equipped to manage IT security

Just 37% of IT decision makers surveyed in the US, the UK, and Australia believe their organisations are completely ready to manage IT security and protect against threats. Although the current SMB cybersecurity picture may seem bleak, a new Webroot survey also points to some promising developments.

At the majority of small to medium businesses, IT teams are expected to handle all cybersecurity management and concerns. According to the survey, IT employees at nearly 1 in 3 companies (32%) juggle security along with their other IT responsibilities. This leaves employees stretched thin and unable to devote the necessary time to many critical cybersecurity tasks. Instead of taking a more proactive approach, these companies are often left on the defensive—not an optimal scenario in today’s world of zero-day attacks, phishing scams, social engineering attempts, and malicious websites.

Defending a company from cyberattacks is inherently challenging, and made even more so by budgetary constraints. The vast majority of SMBs do not have security budgets remotely comparable to those of large (and previously breached) enterprises, such as J.P. Morgan, Target, and Anthem. In fact, according to the study, nearly 60% of respondents think their business is more prone to cyberattacks because they have too few resources for maintaining their defences.

IT decision makers can point to specific areas in which they feel underprepared. According to the survey, almost half (48%) think their company is vulnerable to insider threats, such as employees. Following that, 45% believe they are unprepared for unsecured internal and external networks, such as public WiFi, and 40% for unsecured endpoints, such as computers and mobile devices.

All of the conduits cited should be cause for concern; within the past few years, hackers have exploited them to execute a number of high profile breaches. The survey respondents’ lack of confidence may be due to a reliance on outdated, traditional antivirus tools, many of which depend on large threat signatures downloads and system-intensive scans.

Statistically, the US, UK, and Australia only differed by a few percentage points overall, when it came to the pain points being examined. However, a closer look revealed some interesting gaps. For example:

• Just 50% of respondents in the US feel they don’t have time to stay abreast of the latest cybersecurity threats, as compared to 61% in Australia and 55% in the UK
• Respondents in the US and UK expressed more confidence in their endpoint protection capabilities (63%) than Australian respondents (55%)
• When it comes to money lost due to a potential cyberattack in 2016 (due to compromised customer records or critical business data), US SMBs feel the most pain. In the US, respondents estimated their businesses would lose an average of $522,602; in the UK, £215,910 (about $326,000); and in Australia, AUD 433,010 (about $341,000).

Overall, 81% of respondents plan to increase their annual IT security budget for 2016, by an average of 22%. Respondents are also very open to other strategies for improvement, with an overwhelming 81% also in agreement that outsourcing IT solutions (including cybersecurity endeavors) would increase their bandwidth to address other areas of their business.