By the end of 2015 cybercrime was at a record high during which more malware, malicious IPS, websites and mobile apps were discovered. Webroot’s 2015 SMB Threat Report: Are organisations completely ready to stop cyberattacks? shows the results from a survey of 700 SMB decision makers worldwide about their IT security, how ready they are for an attack and outsourcing their IT security to MSPs.
So how ready are customers to combat an attack?
Currently only 9% outsource all their IT security as a contract with MSPs and 27% have a mix of in-house and outsourced IT security solutions.
But those who handle it themselves do not feel their organisation is ready for a threat. In fact, only 37% of those surveyed reported they were completely ready to protect against and remediate threats, while 39% reported being “almost ready” – thus 63% of all surveyed were not completely confident in their readiness to counter attacks and protect themselves.
How do you rate your IT security preparedness?
There is a direct correlation between the 24% of organizations with dedicated cybersecurity resources and the 24% who were far from, or only somewhat ready to handle online threats. In fact, only 37% of those surveyed reported they were completely ready to protect against and remediate threats, while 39% reported being “almost ready.” Thus, 63% of all surveyed were not completely confident in their readiness to counter attacks and protect themselves.
However, when asked how confident a customer was allowing one of their staff to thoroughly handle a cyberattack the results were optimistic with 84% saying they were confident. This possibly indicates that SMBs have faith in their staff but feel their company overall can do more to prepare for an attack. Thus, 44% feel they have less time to stay up-to-date on threats.
Or perhaps some SMBs need to fully understand what is at stake – especially if they have not yet sustained an attack.
Positioning your managed security services as intelligent and comprehensive is the best way to give SMBs peace of mind since most SMBs cite lack of resource as their reason for being prone to cyberattacks.
How much more money will be spent next year on IT security?
Gartner tells us the cyber security bill worldwide for 2015 was $75 billion with companies losing $300 billion in costs. They identify security testing, IT outsourcing and access management as the largest areas for growth for technology providers. Webroot’s survey reports that the majority of SMBs plan to increase their cybersecurity budget in 2016. The chart below shows 81% plan to increase their budget by an average of 22%.
By what percentage do you expect to increase your Annual IT Security Budget for 2016?
Given the daily news about breaches at major retailers and other organizations, the majority of SMBs plan to increase their cybersecurity budget in 2016. This chart shows 81% increasing their budget by an average of 22%. This should help SMBs considerably improve their security postures, as they acquire or improve on cybersecurity resources and practices.
The diagram below shows why SMBs invest money in IT Security. It is to protect themselves from the potential irreparable damage of a cybersecurity attack, the loss of critical data, cost of downtime and data recovery and the damage to the business’ reputation. On 5th February 2016 Hollywood Presbyterian Medical Center suffered all of this when they paid 40 bitcoin – the equivalent of about $17,000 – to a hacker who had taken control of the hospital’s computer system. The malware left them helpless as it prevented hospital staff from being able to communicate from their devices.
How much do you estimate the total cost of a cyberattack on your business would be in 2016?
These figures from the survey illustrate why so many SMBs are planning to spend more on IT security in 2016. The impact of a cyberattack on lost customer records or other critical business data is severe. It’s important to note there are some regional differences in the cost impact. The survey sample size for the US and Australia was very similar, while the UK had a 33% larger respondent group. This may explain the seemingly large differences in the graph. On average, however, between 37% and 47% of losses across all regions to a cyberattack would total at least a $100,000.
Would outsourcing IT security help? Of those surveyed, 81% respondents agreed IT security outsourcing would increase their bandwidth for addressing other tasks with 53% agreeing it would help to a certain degree.
Many SMBs are outsourcing cybersecurity to MSPs to make up for the lack of time and in-house expertise. With the majority of SMBs planning to increase their security budget in 2016 MSPs are beginning to broaden their portfolio of service offerings in response.
Not only does the customer avoid the pain of installation and maintenance, they free up their budget for other areas of their business.
When respondents were asked if they had enough time to stay up-to-date on cybersecurity threats only 55% agreed at least somewhat that they do have enough time.
Not Enough Time to Keep Up on Cybersecurity
Do you have enough time to stay up-to-date on cybersecurity threats?
Keeping up with cybersecurity updates and the latest vulnerability patches is a crucial part of defending an organization. This graph and the next look at the time SMBs are able to dedicate to IT security matters. First we asked if respondents believed they had enough time to stay up-to-date on cybersecurity threats. More than half of respondents (55%) at least somewhat agreed that they do have enough time.
So with SMBs’ time and resource stretched thin it seems very likely cybersecurity will be outsourced more and more as IT becomes more complex. As this happens, SMBs will become proactive about identifying MSPs that offer intelligent cybersecurity solutions.
With more IT complexity there inevitably comes more varied routes for cybercriminals to take. The automation, commoditisation and low costs of becoming a professional cybercriminal are such that it requires minimal skill to set up a cybercrime business and start trawling the internet for victims.
MSPs are becoming increasingly aware of hacking due to high-profile cases but many are still unsure or under-informed about their own readiness to handle risks. But with new cloud-based cybersecurity architectures MSPs can now deliver solutions to SMBs of all sizes that are cost-effective and without the need to invest in new infrastructure.
How does partnering with Inbay help?
Gartner1 reports that a significant portion of organisations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response. In fact, by 2018 more than half of organisations will use security service firms that specialise in data protection, security risk management and security infrastructure management to enhance their security postures.
This new dynamic has given rise to significant growth throughout the globe for managed security services.
At Inbay, our role is to ensure that high levels of service are maintained for MSP ‘bread and butter’ services such as Network Operations Centre (NOC) and service desk. Our clients are able to liberate their valuable resources from routine monitoring, management and maintenance tasks, enabling them to divert time and attention to high-value areas of client concern such as IT security and build recurring revenue in the process.
If you would like to discuss how you can free up your time so you can concentrate on in-demand services please contact us here and watch your company grow.