A recent survey of 700 IT decision makers at SMBs in the U.S., U.K., and Australia has found that only 37 percent of respondents believe their organizations are completely ready to manage IT security and protect against threats.

The survey, conducted in late October and early November 2015 by Wakefield Research on behalf of Webroot, also found that almost 60 percent of respondents think their company is more vulnerable to cyber attacks because they have too few resources for maintaining their defenses.

Almost half of respondents think their company is vulnerable to insider threats, 45 percent believe they're unprepared for security issues caused by unsecured internal and external networks such as public Wi-Fi, and 40 percent say they're vulnerable to threats caused by unsecured endpoints, such as computers and mobile devices.

Still, 84 percent of respondents said they're confident that someone on their staff would be able to thoroughly address a cyber attack.

There are some significant differences between countries -- 50 percent of respondents in the U.S. don't feel like they have enough time to stay abreast of the latest security threats, compared to 61 percent in Australia. Sixty-three percent of respondents in the U.S. and the U.K. are confident of their endpoint protection capabilities, compared to 55 percent in Australia. And when asked what a potential data breach would cost their company, respondents in the U.S. said $522,602, those in the U.K. said £215,910 (about $326,000), and those in Australia said AUD 433,010 (about $341,000).

Fully 81 percent of respondents plan to increase their IT security budgets in 2016, by an average of 22 percent -- and 81 percent agree that outsourcing IT solutions, including cyber security, would increase their ability to address other issues.

"SMBs play a pivotal role in helping drive the economies of all the countries polled, but past experiences have taught them they face an uphill battle when it comes to cyber security," Webroot director of product marketing George Anderson said in a statement. "This perception must change."

When asked how their IT security is managed, 32 percent of respondents said they handle IT security along with other IT responsibilities, 27 percent have a mix of in-house and outsourced IT security solutions, 24 percent have a dedicated in-house IT security professional or team, 9 percent outsource IT security by contracting with a managed service provider (MSP), 5 percent have non-IT employees who handle IT security along with other responsibilities, and 3 percent have no resources that specifically address IT security.

"SMBs no longer need to go it alone," the report states. "Through a carefully considered mix of stronger cyber security approaches, increased spending and management outsourcing, they can deploy and maintain the same business security as larger enterprises, for a fraction of the cost."

Previous eSecurity Planet articles have examined managed security services' role in cloud security, and offered four tips on choosing an MSP for IT security.

Photo courtesy of Shutterstock.