According to a recent survey, only 37% of small to medium-sized businesses (SMBs) feel their organization is well prepared to protect against and remediate cybersecurity threats.
The 2015 SMB Threat Report (PDF) by Webroot surveyed 700 IT decision-makers across organizations with less than 1,000 employees in the US, UK and Australia.
The report found that about one in three companies (32 percent) said their IT staff handles cybersecurity along with other general IT responsibilities.
“This leaves employees stretched thin and unable to devote the necessary time to many critical cybersecurity tasks,” said the company in a press release.
“Instead of taking a more proactive approach, these companies are often left on the defensive—not an optimal scenario in today’s world of zero-day attacks, phishing scams, social engineering attempts, and malicious websites.”
Respondents revealed the areas in which they feel most unprepared for included dealing with insider threats (48 percent), such as employees; unsecured internal and external networks (45 percent), such as public Wi-Fi; and unsecured endpoints (40 percent), such as computers and mobile devices.
Nearly 60 percent of respondents also stated they perceive themselves at a disadvantage compared to better-funded organizations with more resources. Meanwhile, 45 percent of respondents said they did not have enough time to stay up-to-date on cybersecurity threats.
When asked how much time was spent actually working on cybersecurity issues over the last six months, a surprising 56 percent of IT decision-makers reported having spent less than 17 hours (2 business days).
The report notes this is likely due to a lack of adequate IT support and resources dedicated to security education and prevention.
Nonetheless, SMBs are well aware of their need to significantly improve their preparedness and overall security posture, with 81 percent of businesses planning to increase their annual IT security budget for 2016 by an average of 22 percent.
Respondents are also very open to other strategies for improvement, with an overwhelming 81% also in agreement that outsourcing IT solutions (including cybersecurity endeavors) would increase their bandwidth to address other areas of their business, the report added.