Lack of budget is biggest security challenge for SMEs

Cybersecurity company Netwrix has announced additional findings from its survey conducted in February 2023 among security and IT professionals from 106 countries, which is particularly relevant for organisations with less than 100 employees.

According to the survey, small organisations experience the same cyber threats as the respondents overall. The most common security incidents are phishing, ransomware, and user account compromise. However, smaller organisations usually have fewer resources and experience with which to address security threats. Indeed, lack of budget is their top security challenge, reported by one in two small companies.

Dirk Schrader, VP of security research at Netwrix says: “Cost efficiency is top of mind for small organisations. To improve their security posture, these organisations may want to seek out solutions that are tuned for the unique cost and security needs of small businesses. In addition, partnering with a vendor that offers multiple solutions is a way to get a larger discount for using several tools."

Improving security posture of smaller organisations

When Netwrix asked IT pros what they would do to improve the security posture of their small organisation if they had a chance to decide on their own, their top choice was IT staff training.

“One option for addressing the lack of cybersecurity expertise is to consider outsourcing security-related tasks to a managed service provider (MSP) or managed security service provider (MSSP). This approach not only eliminates the need to hire additional internal IT talent but can also reduce the cost of maintaining security software. For example, if a new compliance requirement arises, the MSP can make the necessary changes once, implement them across their customer base, and share the cost of the customisation among those clients,” says Dmitry Sotnikov, VP of product management at Netwrix.

More than two-thirds (68%) of small organisations have a hybrid IT architecture. Interestingly, only 45% of the small organisations that are exclusively on-premises plan to adopt cloud technologies, compared to 69% among respondents overall.

“On one hand, there are a lot of cloud-native small businesses, born when cloud was already an integral part of the IT landscape. On the other hand, many small organisations made significant investments into their on-premises infrastructure and may not have the budget or resources to then migrate to the cloud,” says Schrader.

Experience and cloud adoption

“Lack of experience and fear of moving to the cloud can also hinder cloud adoption in small organisations. To benefit from the greater flexibility that comes from transferring some security-related tasks to a cloud provider, smaller organisations can engage an MSP to map the most effective cloud migration path for their business and consider using security tools that cover both on-premises and cloud infrastructure,” says Dmitry Sotnikov.

To learn more about security trends, find the complete report here: 2023 Hybrid Security Trends Report.