Hello dedicated readers! My blog is back from a restful week’s vacation on Cape Cod and ready to tackle the falling leaves, changing temperatures, and cybersecurity issues of Autumn.
Back in August, I wrote a few blogs about cybersecurity trends in small and mid-sized organizations (i.e. between 50 and 499 employees). The first blog looked at the state of cybersecurity at SMB firms and the second blog examined what they are doing to address these issues.
Aside from security incidents and subsequent actions, what are the major cybersecurity challenges experienced by small and mid-sized organizations? ESG asked this question in a survey of 400 IT and cybersecurity professionals working at SMB firms. The results are as follows (note: multiple responses were accepted):
- 28% of respondents say that their biggest cybersecurity challenge is that their organization depends upon too many manual or informal processes for cybersecurity.
- 27% of respondents say that their biggest cybersecurity challenge is that it is difficult to manage the complexity of too many disconnected cybersecurity tools.
- 27% of respondents say that their biggest cybersecurity challenge is that business managers don’t understand or support strong cybersecurity.
- 25% of respondents say that their biggest cybersecurity challenge is that their organization doesn’t provide an appropriate level of cybersecurity training for non-technical employees, leading to increased risk.
- 24% of respondents say that their biggest cybersecurity challenge is that their organization lacks the right skills to deal with modern types of cyber threats.
These challenges are understandable. In the past, security was thought of as an IT afterthought at many SMB firms. Consequently, these organizations purchased security products on an ad-hoc basis with no central strategy, while cybersecurity responsibilities were often delegated to an interested IT employee who was simply told to do his or her best without disrupting the business. Employee training was often either neglected or guided by regulatory compliance requirements and little else.
Given that the ESG research reveals that two-thirds of SMB firms have experienced at least one security incident over the past two years, it’s high time to abandon this laissez-faire attitude. This means creating a cybersecurity strategy that aligns with the business mission, formalizing processes, investing in skills development, and getting executive management onboard.
Like it or not, strong security has become a required utility – the cost of doing business. If you must do something (like cybersecurity) to achieve business success, you may as well do it well.