Despite frequent headlines about successful cyberattacks, many small businesses remain unprepared. Small business cybersecurity is still falling short in the face of growing threats.
A survey of 1,000 small businesses with annual revenues of less than $100 million finds that 74 percent allocate less than 10 percent of their total business budget to cybersecurity, with only about a quarter (24 percent) acknowledging their organization should be spending more on cybersecurity.
Conducted by Wakefield Research on behalf of Coalition Re, a provider of cybersecurity insurance, the survey finds that while 83 percent said they believe their risk has grown over the past year alone, only 25 percent of respondents believe it is significant. Nearly two-thirds (64 percent) said they still don’t think they’re an attractive target for cybercriminals to attack, even though 79 percent of respondents reported their organization had been attacked in the last five years.
Doing more with less
Finding the right resources
A high percentage of what is spent on cybersecurity should be allocated to managed services. Ultimately, a managed security service provider is better equipped to tackle cybersecurity threats, which, in the age of artificial intelligence (AI), are widely recognized to be increasing in both volume and sophistication.
Starting the conversation
Savvy MSPs are shifting the tenor of their conversations with small business leaders. Rather than trying to stoke additional fear, they are focusing more on the economics of cybersecurity. Many executives face difficult decisions about how to allocate their investments. They must balance essential business operations with ancillary functions, such as IT, that support core business functions.
These businesses are generally going to ignore any call to increase spending on ancillary functions. This is especially true when they need to prioritize investments in their core business. They will, however, consider reallocating existing budget dollars if it results in a better outcome. For example, many of those small business leaders have already concluded it is more economical to invest in cybersecurity insurance than it is to increase the cybersecurity budget. The paradox is that organizations must invest more in cybersecurity just to qualify for insurance coverage in the first place.
Focus on risk mitigation
When it comes to cybersecurity, business leaders are always going to be uneasy. From their perspective, it’s just one of many risks they are trying to balance. Many business leaders have already accepted a certain level of cybersecurity risk, so instilling further fear is unlikely to be effective. Instead, MSSPs should focus on strategies that help mitigate that risk. This can be achieved by shifting more of the responsibility for management to external experts. By focusing on risk mitigation and strategic resource use, small businesses can better defend themselves, without needing to spend more.
Photo: Andrey_Popov / Shutterstock
This post originally appeared on Smarter MSP.