SMBs Unsure And At Risk, Survey Finds

New study highlights uncertainty among small to midsize businesses on cyberattacks, threats

Nearly 60 percent of small to midsize businesses (SMBs) say upper management doesnt consider cyberattacks a big risk to their organizations.
Meanwhile, 33 percent arent sure whether their businesses have been hit by an attack in the past 12 months, while 42 percent say they have experienced an attack, according to a new Ponemon Institute survey of 2,000 SMBs in the U.S., U.K., Germany, and Asia-Pacific.
Respondents in the more senior-level jobs are the most unsure about the real threats to their businesses, according to the Sophos-sponsored survey, and CISOs and other senior managers are not typically involved in security priority decision-making. Around 30 percent say their CIOs are in charge of setting security priorities, and 31 percent say no one person is in charge doing so.
The good news in the survey was that at least some SMBs recognized they arent as prepared as they should be for todays threats, says John Shier, senior engineer at Sophos. Even so, many more are not: But its disheartening that we are in this situation of their not knowing their security posture, he says.
Nearly 30 percent dont know how much damage or theft to their IT assets would cost their organization, and nearly one-fifth dont know what an IT disruption would cost them. Budgets are tight, with more than 40 percent saying their budgets arent sufficient for locking down their networks, and just 25 percent say they have sufficient security expertise in-house.
The study also measured the uncertainty index by industry: Retailers and education & research were the industries showing the most uncertainty about their security postures. Financial services and technology & software fared as the most sure about their situations. Shier says SMB financial services firms may be more knowledgeable about their security postures due to their regulatory requirements.
But the fact remains in breaches that occur that [SMBs] are equally as vulnerable when it comes to breaches and security threats, he says.
Larry Ponemon, president of the Ponemon Institute, says SMBs need to get a grasp on the risks. CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognize the potential dangers of not taking cybersecurity seriously and create support systems to improve SMB security postures, he says.
The full report, The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations, is available
here
(PDF) for download.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
SMBs Unsure And At Risk, Survey Finds