There’s a common misconception that small- and medium-sized businesses (SMBs) don’t take cybersecurity as seriously as large enterprises. Nothing could be further from the truth.
Indeed, this Cisco Benchmark Survey reveals SMBs are among the most entrepreneurial in their adoption of security measures. It’s just one of many myths surrounding these organizations and how they utilize their resources. Cisco examined almost 500 SMBs, defined as organizations with 250-499 employees. Here’s a look at three more assumptions from the survey that might surprise you.
FACT OR MYTH?
SMBs lack personnel dedicated to security.
MYTH. With everyone pitching in wherever necessary at SMBs, there’s an assumption that cybersecurity is just one aspect of someone’s job. And this person is also balancing other aspects of IT management such as managing data centers and evaluating new hardware. The myth is that SMBs have few, if any, dedicated resources for cybersecurity.
While this may be the case for some, SMBs overwhelmingly reported that they do have dedicated employees for cybersecurity. In fact, less than 1% of SMBs said that they didn’t have anyone dedicated to security. Even more surprising, 60% said they had over 20 people dedicated to security.
And how does that compare to larger businesses? The percentage of larger organizations that have more than 20 people dedicated to security is significantly higher (79%), which is to be expected. These stats show that SMBs have more dedicated security resources than some thought.
Does this mean that cybersecurity talent shortages are no longer an issue for SMBs? The study certainly wouldn’t go that far. SMBs said that a lack of trained personnel is their third biggest challenge. Their top challenge is budget constraints, followed by compatibility with legacy systems. Third place is tied between trained personnel and jointly competing priorities. Consider this a sign of the cybersecurity challenges facing smaller businesses – they recognize they are a target, and that attacks against them are getting increasingly sophisticated. In order to combat that, they are putting themselves in the best possible position. And for SMB organizations, that means investing in the right people and security partners.
FACT OR MYTH?
Large businesses have more up-to-date infrastructures.
FACT. When asked to describe their infrastructures and their strategy for investing and replacing key security technologies, almost all SMBs said they are diligent about keeping their infrastructures up to date.
It’s true that SMBs don’t have quite as up-to-date infrastructures as larger businesses (54% of large businesses say they are very up-to-date compared to 42% of SMBs). However, a collective 94% of SMBs say they either update regularly or constantly. Thus, the vast majority are certainly not holding onto old equipment until it becomes obsolete.
For SMBs, it’s about maximizing what they have, rather than chasing every shiny new security product. Many times, SMB customers are thinking creatively to stretch their security even further.
FACT OR MYTH?
SMBs face different threats than larger businesses.
FACT. Cybercriminals use their most stealthy and menacing tactics against larger enterprises, as they are after the biggest prize. On the other hand, the threats facing SMBs may be different, but they can be equally as dangerous.
Cisco compared the types of cyberattacks that SMBs and large enterprises reported in the past year with how much downtime (loss of business hours) the attacks caused. The survey did this using four categories based on the organization’s number of employees.
The results are interesting in terms of which threats cause the most damage. Cisco found that ransomware doesn’t discriminate. For both SMBs and large enterprises, ransomware was the No. 1 most likely threat to cause more than 24 hours of system downtime. By contrast, a denial-of-service attack (DDoS) rarely causes the most impact for smaller organizations but is the third most destructive attack type in terms of downtime for 10,000+ employee organizations. However, phishing is reported to be a large problem for small organizations but is well down on the scale for larger organizations.
To sum it all up, Cisco's data shows that SMBs are taking security seriously in their strategic planning and daily operations.
IT Security eBook
Small businesses deserve big protection
Big companies may face more cyberattacks — but it’s smaller businesses that are often hit the worst. Read our guide on how to solve those unique IT security challenges.