alexskopje - stock.adobe.com
Small and medium-sized enterprise (SME) customers are taking security more seriously and setting aside budgets to shore up their defences, but many users are finding it a challenge to find skilled staff to handle issues in-house.
According to the 2022 State of ransomware report from Datto, the takeaway for the channel is the widening recognition by small and mid-sized firms that they are in the firing line and need to do more to increase their security levels.
The research found that around 20% of budget was going to security and just shy of half of those quizzed expected that level to increase over the coming year, with money going into antivirus, email protection, and cloud and networking tools.
Datto also uncovered widespread adoption of cyber insurance, with 69% of SMEs currently paying for a service and most of the remainder planning to follow over the course of 2023.
“We’re seeing many businesses take more steps to protect themselves against threat actors,” said Chris McKie, vice-president of product marketing for security and networking solutions at Datto.
“Whether they’re investing in new security products or utilising multiple security frameworks, most SMEs realise the very real threat ransomware poses for their business, and they’re doing what they can to keep themselves safe,” he added.
Apart from specific product areas, some of the findings from the research that should interest managed service providers included the relatively low numbers of customers that had robust recovery plans in place. There was also room for improvement in levels of disaster planning.
Customers’ concerns continue to evolve, and the channel has to adapt to the latest threats and shifting priorities for users.
Adding to the Datto research, findings from security consultancy S-RM indicated that hybrid working was no longer the trigger for sleepless nights it had been, but trying to plug the security skills gap was now keeping many customers up worrying.
“While we have found that more companies are now adjusting to hybrid working and viewing it as less of a risk, it’s clear that cyber security challenges are continuously evolving – and 2023 will bring fresh risks to consider,” said Jamie Smith, board director at S-RM.
One of the consequences of increased threat awareness was for customers to try to develop internal resources to deal with the problems. Many were coming up against challenges filling posts or accessing expertise.
Paul Caron, head of cyber security at S-RM, said there had been real progress across a range of industries but that problems were far from solved. “There is still a significant skills gap evident in the workforce,” he said. “This is a perennial problem for the sector: how to attract and retain the best talent, to win the knowledge, skills and technology arms race between threat actors and private businesses.
“It’s crucial for businesses to continue to invest in high-quality cyber security training, to both attract talent and firm up their own defences by closing the skills gap.”