Techaisle’s 2019 US SMB and Midmarket Security solutions adoption trends survey research indicates that 55 percent of US SMBs suffered a security incident in the last one year. 20 percent of SMBs reported but as high as 70 percent did not formally report yet experienced PC security & data theft breaches in the last one year. In many ways data suggests that SMBs are regressing in their adoption of security solutions to protect their corporate and mobile environments. For example, in the 2019 study, 32 percent of SMBs believe that their IT security budgets are sufficient to meet their needs, which is substantially down from 43 percent in 2017 and 22 percent assert that they are better prepared than others when it comes to IT security, considerably lower than 32 percent in 2017. Even the presence of formal security protocols in case of a breach and/or security incident has gone down from being present in 34 percent of SMBs in 2017 to 26 percent in 2019. However, the belief that cloud usage/services puts them at a higher risk of a data breach has remained virtually unchanged from 40 percent in 2017 to 38 percent in 2019. To make a fair trend comparison Techaisle surveyed same number of SMBs in 2017 and 2019 with exactly same quota sampling.
It is not that SMBs are not concerned about security risks. Cloud security is the top IT challenge in 34 percent of small businesses and 42 percent of midmarket firms. 41 percent of SMBs feel vulnerable in the cloud and 34 percent worry about cyber-attacks and 39 percent consider password compromise to be a security risk to their business.
A review of cloud security threats to SMBs illustrates the fact that while cloud brings unique challenges. Data highlights many different points of security exposure that arise when applications, data and access extend outside the corporate facility. 38 percent of SMB survey respondents are concerned with data exposure during transfers to remote locations, 37 percent are concerned with the potential for cloud-based accounts to be hijacked. Similarly, other concerns are unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.
16 percent of small businesses and 12 percent of midmarket firms are unsure of what are the biggest cloud security threats to their organizations. These figures were identical in 2017. Data on cloud security threats and mitigation options available to SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. Data and network encryption, intrusion detection and prevention (IDP), the creation of data boundaries that separate different information sets, use of access control technologies, the setting and enforcement of security policies, and effective data categorization and segmentation are being considered by SMBs as the most effective at protecting data in the cloud. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.
It is interesting to note that 26 percent (29 percent in 2017) of small businesses and 13 percent (2 percent in 2017) of midmarket firms are unsure of what security technologies would be most effective in protecting data in the cloud. This points to tremendous opportunity for suppliers to position their own offerings/approaches in this market.
In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.
Vendors targeting the midmarket with security solutions face a different set of challenges. This market has accepted the need for advanced and overlapping security capabilities – is increasing its investment in security products and services. Here, the primary need will be to understand the niche solutions that will appeal to midmarket buyers and in presenting the solution as both uniquely capable of addressing the specific threat and also seamlessly integrated with existing solutions and offerings from market-leading vendors.