Digital Threats to Small/Medium-Sized Businesses

Businesses across the nation are transforming to better serve their customers in a digital economy. For most, this involves setting up cloud-based storage systems, hiring a dedicated IT company, and purchasing devices designed for security and performance. 

Unfortunately, this has created more complex IT environments and can place unprepared organizations at risk of cyberattacks. And the risk is real—organizations that suffer cyberattacks are at risk of going out of business. Common ransom amounts can exceed hundreds of thousands of dollars, a daunting sum to most companies. Universally, organizations are recognizing the need to invest in better solutions to protect themselves from attacks. This is even more critical for small midmarket organizations that lack the resources of larger enterprise organizations. But who can small/medium-sized businesses turn to for help?

Challenges Businesses Face

ESG recently performed research to identify the challenges small midmarket organizations were experiencing, the number of dedicated security resources they have, the number of security events they experience per year, and how they are prioritizing spending to support cybersecurity and other managed services. The research consisted of a survey of 250 IT/information security decision-makers responsible for and/or knowledgeable about their organization’s networking infrastructure and security controls who are employed at organizations with 20 to 500 employees. Respondents were based in the US and Canada. Organizations represented in the sample included a broad cross-section of industries, such as technology, manufacturing, education, and business services, among others.

Initial Findings

The cybersecurity landscape is driving increased complexity, and small midmarket firms are not prepared to adequately defend the company, as evidenced by the fact that almost half of the respondents reported multiple security incidents over the last year. These events place the business at risk and will require organizations to invest in additional security services. According to respondents, MSPs can help organizations improve their security posture, as well as other areas, and are able to handle increasingly difficult tasks with greater efficiency.

Cybersecurity Is Driving Complexity 

ESG research highlights this fact: 77% of the small and midmarket organizations surveyed report that their IT environments have become more complex over the last two years. More importantly, when asked about the biggest reasons for their IT environment becoming more complex, the number one response was an increasing and/or changing cybersecurity landscape.

In addition to cybersecurity, these organizations must deal with growing amounts of data to manage and an increase in the types of devices to manage. In many cases, this increase could be a result of bring-your-own-device (BYOD) initiatives, where employees may be using a wide range of devices, which can also create their own security issues. It is interesting to note that even though cybersecurity issues are the leading cause of complexity, the vast majority (85%) of surveyed organizations either do not have resources dedicated to security or only have one.

Cybersecurity Events Impact the Businesses

Nearly half of surveyed businesses (48%) have suffered multiple serious security incidents in the past year, with the mean being three incidents. While 32% of organizations reported no security incidents in the last year, it should be noted that organizations that experienced a security incident are three times more likely to say IT has become more complex, creating a direct link from complexity to security incidents. 

It will be critical for organizations to better protect themselves from these security incidents to ensure continued operations. This is especially true given the impact these events can have on the business. Respondents from the survey indicate that any one security incident has a 23% chance of putting their organization out of business. Given the number of incidents that occur every year, it is possible that allowing these security incidents to occur unchecked could result in the business failing.

Other top impacts include disruption to business, the amount of time required to remediate the situation, and the loss of data. The research also sought to understand what factors contributed to these security incidents occurring. The top three most commonly reported factors were human error by end-users, the inability of IT resources to keep up with their workloads, and a lack of organizational understanding of cybersecurity risk. Even if you are not aware of the risk, it is still very real, and it is imperative for organizations to be informed. As organizations digitally transform to become more agile and responsive to their customers, it is important that businesses ensure that any new IT initiatives are fully vetted and approved by those responsible for cybersecurity.

Further proof that organizations are feeling vulnerable is the fact that more than three-quarters (77%) of them are planning to either substantially or somewhat increase their cybersecurity spending in the next 12 months and the remainder will spend the same amount as last year. 

Will these increases in the security budget be enough? 

When asked what was hindering the adoption of additional security services, close to two-thirds (62%) reported that a limited budget was one of the top hindrances, the most common response. Given these challenges, it is unlikely these organizations will be able to hire additional dedicated resources, but rather will need to look outside their walls to find services or resources to help them securely navigate new technology deployments.

Working with MSPs Can Reduce the Security Risk

Many of these small/medium-sized businesses with limited resources and increasing complexity are leveraging managed service providers, or MSPs, to help. ESG research asked respondents about their use of MSPs. The overwhelming response was that 95% of the survey respondents were using, planning to use, or interested in using MSPs.

There is a reason so many of these organizations are working with MSPs, and it’s that they are delivering benefits to those businesses. According to the research, the most commonly reported benefit organizations have achieved from working with their MSP is that the MSP has reduced their operational risk (reported by more than eight out of ten [81%] respondents). Other benefits of working with MSPs include the ability to save time, enable existing staff to work on other projects, achieve better SLAs, and reduce complexity. Lastly, many also reported they were able to save money. Given the previously reported budget issues holding back security initiatives, this appears to be a natural fit.

Cybersecurity Steps You Can Take

The reality is that all companies that rely on IT to run their business are facing a complex and ever-changing cybersecurity threat landscape, yet based on the research collected, few small midmarket companies are well equipped to deal with it. The lack of dedicated resources, IT budgets, and skills to deploy and operate security solutions poses real problems.

This is where MSPs like C3 Tech can play a significant role. 

The research indicates that MSPs with the appropriate security skills and services can deliver meaningful results. Furthermore, if the right MSP is selected, there are a number of additional IT services it could deliver to provide additional value. If you’re part of an Orange County business and you want your data protected, partner with C3 Tech by calling us at (714) 689-1700 today.