Skip links

Toward the cutting edge: SMBs contemplating enterprise security

Survey finds SMBs, weary of security failures, curious about detection and response

How a company sees its digital security preparedness is critical. Conservative companies might follow the crowd, implementing a necessary minimum to ensure nominal security, and perhaps that’s the right choice for their business. Margins could be tight, or growth might not call for an outsized security budget. Maybe digitization has spared their business segment or processes more than others.

In contrast, perhaps growth and demand look healthy: You either have unique intellectual property or an industry-beating service, and you’ve invested in the tech needed to grab the opportunities. You might aspire for your IT team to mature into a security operations center (SOC), growing increasingly able to defend business continuity and secure the workforce.

In either case, on the back end of the pandemic, both the broadened use of hybrid working and the war in Ukraine have had social, political, and economic impacts that have shifted the sentiment of small and medium-sized businesses (SMBs) and their appetite for risk and more tech.

A fork in the road

SMBs facing these conditions are looking seriously at onboarding improved endpoint security solutions featuring detection and response, and while some are looking to manage those platforms on their own, others are turning to security as a managed service – sometimes incorporating managed detection and response (MDR).

Costs are a factor. Paying managed security service providers (MSSPs), with or without managed detection and response (MDR), is not inexpensive. Nor is managing detection and response on your own, especially with the need to locate and retain experienced security admins. However, with an average €220,000 loss to business due for each security breach/incident, SMBs are paying close attention to the changing endpoint security landscape. From the US and Canada to the UK and the Nordics, SMBs are facing a fork in the road.

Many, if not most, have onboarded significant tech and changed processes to allow for hybrid work over the past two years. Along the way, this opened up many threat vectors from the increased use of the Remote Desktop Protocol (RDP) and of cloud storage and computing, all while threats targeting large service and collaboration platforms like SolarWinds Orion, Kaseya VSA, and Microsoft 365 have persisted.

With additional threats from ransomware and supply-chain attacks making life even harder, 2022 has seen SMBs vote with their feet. Thirty-two percent of surveyed SMBs have a detection and response solution, and another 33% are seriously interested in operating one in the next 12 months. Meanwhile, 76% have confidence in the future use and efficacy of this traditionally enterprise-grade tool. Prices and product offers reflect this willingness to try, but are businesses prepared to choose now? With 84% of respondents believing in tech advancements enabling their growth, can we be sure that security ranks highly among them?

Fear or greed?

Threat detections are up 20% year over year. In particular, web threats have risen by 28%, and Outlook login phishing forms sent via email have risen by 68%. In this context, SMBs are right to be concerned. While there is high confidence in the efficacy of detection and response technology, only a third of SMBs feel secure in their IT team’s cybersecurity knowledge, and even less feel secure in their ability to efficiently execute threat forensics.

Why the gulf in confidence between this tech and the workforce? The 2022 ESET SMB Digital Security Sentiment Report delves in deeper and draws out several insights that may help SMB IT budget holders take pause and think about where their company is on its security journey. Read more to see where you line up on these critical issues.