Specops Software Survey Shows SMEs Spending Less on Cybersecurity

A high number of small and medium enterprises (SME) have no plan to deal with cyberattacks, according to a new Specops Software survey.

Specops Software polled 1,600 SME owners and asked them 12 questions. All of the questions were crafted in response to the latest Kaspersky report. That report shows a lack of investment in IT security.

According to Specops Software’s survey:

• Over the last year, SMEs decreased their IT security by an average of nearly $5 million.
• Thirty-two percent of businesses see “no reason to invest so much in IT security.”
• Despite a drop in security investments, 66% of SMEs say it is worth making “huge” investments in cybersecurity practices.
• Thirty-one percent of SMEs believe that they are not at risk themselves and bigger businesses are.
• Seventy-one percent do not have a formal plan/protocols in place to deal with any potential cyberattacks.

All Companies Need to Protect Data

Darren James is Specops Software’s head of internal IT.

Specops Software’s Darren James

“All companies, regardless of size, need to protect sensitive data,” he said. “The ones that are most at risk are the ones that don’t prioritize cybersecurity. Passwords are a weak link that can be addressed by using multifactor authentication (MFA) when possible, and securing passwords when MFA is not available. The best way to secure passwords is to prevent employees from choosing weak and leaked passwords.”

Just over half of respondents said they thought it would be harder for a small business to overcome an attack compared to a large business. Forty-one percent disagreed, 7% were not sure, and 1% chose not to answer.

When asked if they believed their business was adequately prepared for potential attacks, 55% said that they did not. Forty-two percent expressed confidence and the remaining 3% preferred not to answer.

When asked whether they would be prepared to make cuts elsewhere to afford additional cybersecurity, 42% said yes and the remaining 58% said no. It seems that businesses are less likely to take resources from elsewhere to pay for comprehensive cybersecurity.

It also appears tight budgets might be a driving factor behind SME decisions to decrease cybersecurity investment, Specops Software said. When asked whether any business budget cuts would have an impact on how much is invested in cybersecurity for the overall business, 58% of respondents said yes, while only 32% said no. Nine percent said they weren’t sure, while 1% failed to answer.

Likewise, when asked whether a decrease in business performance would lead to a decrease in how much they invest in cybersecurity for their business, 72% said it would, while just 28% said it would not.