Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

06:37 PM
Connect Directly

SMBs Unsure And At Risk, Survey Finds

New study highlights uncertainty among small to midsize businesses on cyberattacks, threats

Nearly 60 percent of small to midsize businesses (SMBs) say upper management doesn't consider cyberattacks a big risk to their organizations.

Meanwhile, 33 percent aren't sure whether their businesses have been hit by an attack in the past 12 months, while 42 percent say they have experienced an attack, according to a new Ponemon Institute survey of 2,000 SMBs in the U.S., U.K., Germany, and Asia-Pacific.

Respondents in the more senior-level jobs are the most unsure about the real threats to their businesses, according to the Sophos-sponsored survey, and CISOs and other senior managers are not typically involved in security priority decision-making. Around 30 percent say their CIOs are in charge of setting security priorities, and 31 percent say no one person is in charge doing so.

The good news in the survey was that at least some SMBs recognized they aren't as prepared as they should be for today's threats, says John Shier, senior engineer at Sophos. Even so, many more are not: "But it's disheartening that we are in this situation of their not knowing their security posture," he says.

Nearly 30 percent don't know how much damage or theft to their IT assets would cost their organization, and nearly one-fifth don't know what an IT disruption would cost them. Budgets are tight, with more than 40 percent saying their budgets aren't sufficient for locking down their networks, and just 25 percent say they have sufficient security expertise in-house.

The study also measured the uncertainty index by industry: Retailers and education & research were the industries showing the most uncertainty about their security postures. Financial services and technology & software fared as the most sure about their situations. Shier says SMB financial services firms may be more knowledgeable about their security postures due to their regulatory requirements.

"But the fact remains in breaches that occur that [SMBs] are equally as vulnerable when it comes to breaches and security threats," he says.

Larry Ponemon, president of the Ponemon Institute, says SMBs need to get a grasp on the risks. "CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognize the potential dangers of not taking cybersecurity seriously and create support systems to improve SMB security postures," he says.

The full report, "The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations," is available here (PDF) for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-12
INTELBRAS TELEFONE IP TIP200 version allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
PUBLISHED: 2021-04-12
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover pa...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.