Techaisle’s 2019 US SMB and Midmarket Security solutions adoption trends survey research indicates that 55 percent of US SMBs suffered a security incident in the last one year. 20 percent of SMBs reported but as high as 70 percent did not formally report yet experienced PC security & data theft breaches in the last one year. In many ways data suggests that SMBs are regressing in their adoption of security solutions to protect their corporate and mobile environments. For example, in the 2019 study, 32 percent of SMBs believe that their IT security budgets are sufficient to meet their needs, which is substantially down from 43 percent in 2017 and 22 percent assert that they are better prepared than others when it comes to IT security, considerably lower than 32 percent in 2017. Even the presence of formal security protocols in case of a breach and/or security incident has gone down from being present in 34 percent of SMBs in 2017 to 26 percent in 2019. However, the belief that cloud usage/services puts them at a higher risk of a data breach has remained virtually unchanged from 40 percent in 2017 to 38 percent in 2019. To make a fair trend comparison Techaisle surveyed same number of SMBs in 2017 and 2019 with exactly same quota sampling.
It is not that SMBs are not concerned about security risks. Cloud security is the top IT challenge in 34 percent of small businesses and 42 percent of midmarket firms. 41 percent of SMBs feel vulnerable in the cloud and 34 percent worry about cyber-attacks and 39 percent consider password compromise to be a security risk to their business.
A review of cloud security threats to SMBs illustrates the fact that while cloud brings unique challenges. Data highlights many different points of security exposure that arise when applications, data and access extend outside the corporate facility. 38 percent of SMB survey respondents are concerned with data exposure during transfers to remote locations, 37 percent are concerned with the potential for cloud-based accounts to be hijacked. Similarly, other concerns are unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.