Survey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger EnterprisesSurvey: Small Cybersecurity Teams Face Greater Risk from Attacks than Larger Enterprises
Cynet CISO survey reveals lack of staff, skills, and resources driving smaller teams to outsource security with advanced tools, technologies, and services.
July 13, 2022
Boston, MA – July 13, 2022 – Cynet, the world’s first provider of an autonomous, end-to-end, fully automated extended detection and response (XDR) platform, today announced the results of its second annual “CISO Survey of Small Cyber Security Teams." The survey found that companies with small security teams continue to face a number of unique challenges that place these organizations at greater risk than larger enterprises. These enhanced risks are moving these companies to consolidate security platforms to fewer, more robust and comprehensive tools to simplify and improve protections.
The Cynet survey analyzed responses from 200 Chief Information Security Officers (CISOs) at small and medium size enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of $1M USD or less. It found that a majority of these organizations were overwhelmed by an endless volley of cyberattacks. These security professionals report that they are inundated by many of the same threats facing larger organizations, but lack the financial resources, staff specialists, training and proper tools to consistently remediate them.
According to the survey results:
58% of the responding CISOs felt their risk of attack was higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
94% say they have barriers in maintaining their security posture, due to a lack of skilled security personnel (40%), excessive manual analysis (37%), and the increasingly remote workforce (37%) among other factors.
87% have difficulty in managing and operating their threat protection products due to overlapping capabilities (44%) and difficulty visualizing the full scope of an attack (42%).
As a result, 90% of small security teams are outsourcing security mitigation to a Managed Detection and Response (MDR) service, while also using Managed Security Service Provider (MSSP) services (21%) and Virtual Chief Information Officer (vCISO) services (15%).
The survey also revealed a huge year-over-year rise in the use of Endpoint Detection and Response (EDR) tools (from 52% to 85% of respondents), as well as a doubling of Extended Detection and Response (XDR) tool usage (from 15% to 30%). Among respondents, 77% indicated that EDR is now the #1 tool for detecting threats, up significantly from 23% in 2021. Those reporting Network Detection and Response (NDR) as the primary method for detecting threats fell from 46% in 2021 to only 3% in the 2022 survey. It's clear that small security teams are seeing the value in robust EDR/XDR solutions, especially in remote working landscapes where employees are often not on the company network.
"CISOs with small security teams struggle to purchase and maintain the comprehensive set of security solutions needed to protect their companies from increasingly sophisticated threats," said Eyal Gruner, CEO and Co-Founder of Cynet. "The survey results once again show how these security experts continue to adapt their protection strategies in response to the ongoing wave of criminal and state sponsored cyberattacks."
To see complete metrics, analyses and data visualizations, download a free copy of the 2022 Cynet CISO Survey of Small Cyber Security Teams.
Cynet is a provider of the world’s first end-to-end, natively automated extended detection and response (XDR) platform – Cynet 360 AutoXDR™ – backed by a 24/7 MDR service. Its mission is to make it easy and stress-less for any organization to be safe and secure from cyber threats. The platform was purpose-built to enable small security teams to achieve comprehensive and effective protection regardless of their resources, team size, or skills. It does this by managing day-to-day security operations so teams can focus on managing security rather than operating it. The complementary 24/7 MDR service provides organizations with monitoring, investigation, on-demand analysis, incident response, and threat hunting. Visit to learn more: https://www.cynet.com.
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
The Cyber Threat Impact of COVID-19 to Global Business
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report