Last week, I published a blog on the state of cybersecurity at small organizations. As a review, two-thirds of firms with 50 to 499 employees have experienced at least one cybersecurity incident over the past few years, leading to lost productivity and business disruptions. Survey respondents claim that the biggest contributing factors to these cybersecurity incidents include human error, a lack of knowledge about cyber risk, and new IT initiatives lacking proper cybersecurity oversight.
Based upon this data, many small organizations don’t have the skills, staff, or cybersecurity infrastructure to keep up with the threat landscape.
So, what are they doing to bridge this gap? Spending more money on cybersecurity for starters. Fifteen percent of organizations claim they will substantially increase their cybersecurity budgets while another 53% will increase their cybersecurity budget somewhat.
Many smaller organizations also realize that they can no longer carry the cybersecurity load on their own: 32% of small organizations will substantially increase their use of managed security services, while another 40% will increase their use of managed security services somewhat.
Finally, small organizations seem to be leaning toward integrated product suites from a single vendor. Fifty percent of respondents say that their organization would prefer to procure all their cybersecurity tools together as part of a unified product suite while 40% prefer to use disparate best-of-breed security tools to protect different parts of their environment. Those who prefer best-of-breed security tools represent the traditional infosec mindset, believing that a heterogeneous layered defense provides the best protection. Perhaps, but this strategy carries a lot of operational overhead, and many small organizations don’t have the resources for this type of difficult workload.
Netting this out, small organizations hope to address their cybersecurity deficiencies by increasing budgets, moving to security product suites, and working with managed security service providers.