SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce

Smaller firms are boosting cybersecurity budgets, but theres a long way to go to address a deep lack of cyber preparedness among SMBs.

Nearly half of small and midsize businesses (SMBs) plan to spend more on cybersecurity in 2023 — which is a good thing given that six in 10 firms (61%) have no dedicated cybersecurity staff, about half (47%) have no incident response plan, and 40% fail to conduct formal awareness training.
Thats according to a survey of IT professionals at SMBs with 250 to 2,000 employees from Huntress, published on March 15, which found that while respondent organizations deploy a variety of cybersecurity products — such as email security (86%), endpoint protection (79%), and network protection (73%) — they tend to forgo basic defensive measures, such as supplementing workers password security with two-factor or multifactor authentication — a recommendation recently made by the
US Cybersecurity and Infrastructure Security Agency (CISA)
.
A significant number of these businesses feel either unprepared, understaffed, and/or under-resourced for responding to evolving threats, and a significant number face challenges in securing cyber insurance coverage and proper security awareness training for their workforces, the Huntress report stated, adding that midsize businesses are aware of the need for multiple cybersecurity layers, [but that] notable gaps exist in their current tools and planning processes.
To boot, a full third (34%) of respondents said they didnt believe they could detect advanced threats.
Theres a percentage out there that doesn’t know theyre actively being targeted or have already been compromised, says Roger Koehler, CISO at Huntress. Visibility is key for these businesses, as threat actors can be sitting in their networks for weeks or even months finding footholds and collecting information before they execute their attacks.
The
Huntress survey
found that 14% of this business segment had confirmed an attack in the past year, while another 10% of those IT professionals surveyed were not sure whether a cyberattack occurred. Given that there are
about 6 million businesses with 250–2,000 employees
in the United States, those numbers can add up.
The report did offer some good news: Huntress also found that 49% are planning to spend more on cybersecurity in the coming year to address the shocking need for more knowledge and preparedness. The fact that so many SMBs are taking a proactive approach going forward, rather than reacting to attacks, is hopeful, Koehler says. That said, sourcing the right staff will be the biggest challenge for figuring out how to spend that budget.
Midsize businesses arent just waiting until they face an incident to respond, but are actually investing in preventative measures that will stop the attacks in the first place, he says. However, you cant put a dollar value on having the right people on your team that have the skills to fight off attacks — and thats where midsize businesses could improve.
As of last fall, there were more than 700,000 openings in cybersecurity jobs, a 43% increase over 2021, according to
CyberSeek
. And with cybersecurity pros
facing burnout and dissatisfaction
, finding people to hire is tougher than ever.
The combination of more budget and a
tight market for knowledgeable cybersecurity people
will lead to strong growth in managed cybersecurity services, according to
an October analysis by consulting firm McKinsey
. The companys consultants argue that half the market will go to managed security service providers (MSSPs) and security-and-operations management.
Across all segments, forecasted changes in allocated security spending is increasing as a percentage of services between internal and third-party services, McKinsey stated in its analysis. So long as talent remains a problem, outsourced services will be essential for companies that need to support strong security outcomes.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
SMBs Orgs Want Help, but Cybersecurity Expertise Is Scarce