While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in their spending due to the current economic climate. With this in mind, we recently surveyed over 700 SMBs across a variety of sectors to ascertain their ability to detect and respond to the latest cyber threats. The differences are stark. While some sectors have high confidence in their in-house cybersecurity skills, others prefer to significantly outsource cybersecurity to an external expert to ensure they are protected.
Let’s look at each sector in detail:
Business and professional services
Data suggested that over a quarter (26%) of business and professional service SMBs have slight to no confidence in their in-house cybersecurity expertise. Just under a third (31%) have little confidence in their teams’ understanding of the latest threats. Further, a third (33%) believe they would struggle to determine the root cause of a cyberattack.
Almost 4 in 10 (38%) SMBs in the category of business and professional service manage their security in house, slightly more than the average SMB (34%). Just over half (54%) prefer to outsource it instead. However, an additional 8% are looking to outsource their cybersecurity within the next 12 months.
Only 24% of business and professional service SMBs prefer to keep their security management in house, the lowest of any sector surveyed. Just over a quarter (26%) prefer to outsource to a single security provider and 40% outsource to multiple providers.
Financial services
Almost 3 in 10 (29%) of SMBs operating in financial services have slight to no confidence in their in-house cybersecurity expertise. Even more (36%) have slight to no confidence in their employees’ understanding of cybersecurity threats. However, only 26% of financial services SMBs believe they would struggle to determine the root cause of a cyberattack, less than the average SMB (29%).
Only 28% of financial services SMBs manage their security in house, the lowest of all the sectors we surveyed. Rather, almost two-thirds (65%) outsource it instead, far more than the average SMB (59%).
Just over a quarter (26%) of financial services SMBs show a preference for keeping their security management in house. The same number prefer to outsource to a single provider, whilst 39% like to outsource their security to multiple providers.
Manufacturing and Industrial
A third (33%) of manufacturing and industrial SMBs have slight to no confidence in their in-house cybersecurity expertise, far more than the average SMB (25%). Four in 10 (40%) have slight to no confidence in their employees’ understanding of security threats, more than any other sector. Yet only 29% worry that they would struggle to determine the root cause of a cyberattack should the worst happen.
Just 3 in 10 (30%) manufacturing and industrial SMBs manage their security in house. Over twice as many (63%) prefer to outsource their security instead, the second highest of any sector.
A third (33%) of SMBs in the manufacturing and industrial vertical show a preference for keeping their cybersecurity management in house, the most of any sector. Only 24% prefer to outsource to a single security provider, and 35% outsource to multiple providers.
Retail, wholesale, and distribution
Four in five (80%) retail, wholesale, and distribution SMBs have moderate or high confidence in their in-house cybersecurity expertise, the most of any sector. This is far more confidence in the IT team’s cybersecurity expertise than seen in the manufacturing sector (67%). Three quarters (74%) of retail, wholesale, and distribution SMBs have moderate or high confidence in their employees’ understanding of security threats too, compared to just 64% of financial services SMBs. Similarly, more retail, wholesale, and distribution SMBs (79%) have confidence in their ability to determine the root cause of an attack than any other sector.
Over 4 in 10 (41%) retail, wholesale, and distribution SMBs manage their cybersecurity in house, the most of any sector. Because of this, only 53% currently outsource their security. However, 6% are looking to do so in the next year.
Around 3 in 10 (31%) retail, wholesale, and distribution SMBs show a preference for keeping their security management in house. The same number prefer to outsource to a single security provider, and a further 28% outsource to multiple providers.
Technology and Telecoms
A quarter (25%) of technology and telecoms SMBs have slight to no confidence in their in-house cybersecurity expertise. However, more SMBs in the sector (78%) have moderate or high confidence in their employees’ understanding of security threats than any other. Over three-quarters (77%) also have confidence in their ability to determine the root cause should an attack happen.
Perhaps unsurprisingly, more technology and telecoms SMBs (37%) manage their cybersecurity in house than the average SMB (34%). More, though, outsource their security than retail businesses (58% versus 53%).
Three in 10 (31%) technology and telecoms SMBs show a preference for keeping their security management in house. In contrast, 23% prefer to outsource to a single provider, and 36% outsource to multiple security providers.
A false sense of security?
Whilst SMBs in certain sectors have higher confidence levels and different approaches to their cybersecurity management than others, often these SMBs are managing their cybersecurity completely in house and thus may have an outsized sense of security. Where in-house management is pursued, regular third-party security audits are recommended as well as both creation of and regular updates to security policies.
ESET’s 2022 SMB Digital Security Sentiment Report sends a clear message about where these growing needs are driving SMBs. A total of 32% of SMBs surveyed reported use of endpoint detection and response (EDR), extended detection and response (XDR), or managed detection and response (MDR) and 33% plan to leverage the technology in the next 12 months. With a majority of SMBs in technology and telecoms (69%), manufacturing and industrial (67%), and financial services (74%) preferring to outsource their security needs, a question that remains elusive from this survey is: Which specific business types in these verticals are prioritizing continuing in-house management, and what are their specific reasons?