Most SMBs lack certainty over IT security – study

21 Nov 2013

Small and mid-sized organisations with uncertainty about the state of their IT security are leaving themselves open to cyberattacks, a new study suggests.

The Risk of an Uncertain Security Strategy study conducted by Ponemon Institute and sponsored by IT security solutions provider Sophos also reveals that senior managers are failing to prioritise cybersecurity. This in turn prevents them from establishing a strong IT security strategy, potentially leaving their organisations weak against cyberthreats.

Of the 2,000 respondents surveyed globally, 58pc confirmed that management do not see cyberattacks as a significant risk to their business. Despite this, IT infrastructure and asset security incidences, as well as wider security-related disruptions, were found to have cost these SMBs a combined average of US$1,608,111 over the past 12 months.

The study also found that respondents in more senior positions have the most uncertainty about the threats to their organisations, indicating that the more removed the individual is from dealing with security threats on a daily basis, the less informed they are about the seriousness of the situation and the need to make it a priority.

“The scale of cyberattack threats is growing every single day,” said Gerhard Eschelbeck, CTO for Sophos, “yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.”

According to the research, there are three main challenges preventing the adoption of a strong security posture: failure to prioritise security (44pc); insufficient budget (42pc); and a lack of in-house expertise (33pc). In many SMBs, there is also no clear owner responsible for cybersecurity.

“Small and mid-size organisations simply cannot afford to disregard security,” said Larry Ponemon, president of the Ponemon Institute.

“Without it there’s more chance that new technology will face cyberattacks, which is likely to cost the business substantial amounts. CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognise the potential dangers of not taking cybersecurity seriously and create support systems to improve SMB security postures.”

IT security image via Shutterstock

Tina Costanza was a journalist and sub-editor at Silicon Republic