Fully 86 percent of small to medium enterprises (SMEs) have less than 10 percent of their total IT budget allocated to cyber security and 75 percent have between zero and two IT security staff members, according to the results of a recent EiQ Networks survey of more than 150 SME IT security professionals.
“One of the most striking results is how little SMEs are spending on cyber security as compared to the overall IT budget — despite the very high risks they face daily from ransomware, phishing, and zero-day attacks, to name just a few,” EiQ Networks founder and CEO Vijay Basani said in a statement.
“Without the IT security resources and expertise necessary to continually monitor, detect, and respond to security incidents, SMEs are simply exposing themselves to loss of revenue, brand equity, IP, and customer data on a daily basis,” Basani added.
The survey noted a significant drop in confidence over the past two years — in 2015, 27 percent of respondents expressed confidence in their security posture, but in 2017, less than 15 percent said they feel confidence that their currently deployed technologies will be successful in detecting and responding to attacks.
Forty-five percent of respondents were breached or believe they were breached at least once in the past year, and 56 percent feel they’re unprepared to identify and respond to a security incident.
Seventy-five percent of respondents said they’re concerned about protecting customer data, 67 percent are concerned about protecting PII, and 56 percent are concerned about protecting employee data.
A separate Manta survey of 1,420 small business owners found that fully 87 percent of respondents said they don’t feel at risk of experiencing a data breach.
Still, 12 percent said their small business has experienced a cyber attack in the past, and just 69 percent of respondents have any controls in place to prevent breaches.
Of those small business owners that do have IT security controls in place, 17 percent are leveraging anti-virus software, 16 percent are using firewalls, 14 percent are using anti-malware software, and 14 percent are leveraging spam filters.
Just 12 percent are conducting regular vulnerability scans, 11 percent are using automated software updates, 10 percent are leveraging data encryption, and 6 percent are using outsourced security operations.
“Any data breach, regardless of how small, is a real threat to a small business, which is why prevention tactics are essential,” the Manta report notes.