Majority of SMEs Lack Confidence in Security Postures
Faced with a snowballing threat landscape, there has been a significant drop in business confidence in the security technologies they’ve deployed to protect their organizations from data breaches and asset theft.
According to EiQ Networks’ most recent survey on the state of matters for U.S. small- and medium-sized enterprises (SMEs) in 2017, less than 15% report confidence that currently deployed technologies will be successful in detecting and responding to cyber-attacks. This is down significantly from the company’s 2015 cybersecurity survey, when 26.8% of IT security professionals expressed confidence in their security posture.
Interestingly, the three-quarters (75%) admitted a small-to-nonexistent IT security staff, with zero to two employees dedicated to that role. And, 87% say they have underfunded IT security strategies, with less than 10% of their total IT budget allocated to security. However, about half (47.7%) said that they review cybersecurity at least quarterly with executive management and the Board of Directors.
In all, 56% said they are unprepared to identify and respond to a security event.
As far as top worries, 74.6% are concerned about protecting customer data; 67.3% are concerned about protecting personally identifiable identification (PII); and 56.2% are concerned about protecting employee data.
“Our latest survey on the state of the cybersecurity landscape is very revealing. One of the most striking results is how little SMEs are spending on cybersecurity as compared to the overall IT budget—despite the very high risks they face daily from ransomware, phishing and zero-day attacks, to name just a few,” said Vijay Basani, founder and CEO, EiQ Networks. “The results also show that companies are not just underfunding cybersecurity, they are also understaffed. Without the IT security resources and expertise necessary to continually monitor, detect and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP and customer data on a daily basis.”
Source: Information Security Magazine