SMBs are taking cybersecurity more seriously

SMBs are investing in protection with network and cloud security topping the list.

Datto, a Kaseya company, has released its 2022 State of Ransomware report, which surveyed nearly 3,000 IT professionals in small to medium-sized businesses across eight countries (the United Kingdom, United States, Canada, Germany, the Netherlands, Australia, New Zealand, and Singapore). The report shows that SMBs are aware of increasing cyber threats and are allocating resources to, and investing in, areas such as network and cloud security.

Key takeaways from this year’s survey include:

About a fifth of the IT budget is dedicated to security, and many are seeing increases in budgets. 47% of SMBs plan to invest in network security in the next year.

Over 50% of SMBs have implemented AV and email/spam protection, with network and cloud security as the top areas planned for investment in the next year.

37% of respondents run IT security vulnerability assessments three or more times a year, with 62% running them at least twice a year.

69% of SMBs currently have cyber insurance and 34% of those without cyber insurance are highly likely to get it in the next year.

42% of SMBs with cyber insurance think it’s extremely likely that a ransomware attack will happen in the next year, while only 16% of SMBs without cyber insurance think the same.

“We're seeing many businesses take more steps to protect themselves against threat actors,” said Chris McKie, VP of Product Marketing for Security and Networking Solutions. “Whether they’re investing in new security products or utilising multiple security frameworks, most SMBs realise the very real threat that ransomware poses for their business, and they’re doing what they can to keep themselves safe.”

Only 3 in 10 SMBs have a best-in-class recovery plan in place, with 52% of them claiming to have a standard recovery plan in place. MSPs can help their clients improve their disaster recovery plan by building out their security and backup offerings or requiring clients to have cyber insurance. Cyber insurance can offset the risks of potential breaches, something which became increasingly important when many SMBs accelerated their digital transformation efforts during the COVID-19 pandemic.

Additional insightful findings:

Rather be phishing. Compared to ransomware, respondents think phishing is more likely to occur in the next year. Many think this is the better alternative, as they believe its impact is lower than the impact of ransomware.

Getting insured. Organisations with cyber insurance are more actively engaged in their cybersecurity. They have more IT support, more cybersecurity frameworks (CSFs), and more security solutions. They’re also more likely to have experienced a cybersecurity incident in the past.

The right frame of mind. The CIS framework is the most used cybersecurity framework, with 34% of respondents utilising it. This is followed by CMMC (30%), COBIT (27%), and NIST (22%).
