Over half of small and medium-sized businesses believe that their IT security will be compromised, yet only 10 percent plan to significantly increase their budget for IT staff, according to new research from Kaspersky Lab.
The budget allocated to IT security staff is not expected to increase for half of SMBs, and instead 40 percent are putting their trust in Security-as-a-Service providers. Seventeen percent have no plans to use an external IT security service, but 23 percent could add one in the next year, according to the report. Kaspersky says those prioritizing cloud security and business process outsourcing are considerably more satisfied with the efficiency of security consultancy and MSPs.
The Evolving Role of SaaS and IT Outsourcing in SMB IT Security shows that 40 percent of SMBs recognize that they lack sufficient insight or intelligence on business threats.
The most common concern for SMBs is the loss of internal and confidential data, as identified by almost half of those surveyed (48 percent). Over half (55 percent) are also worried about the complication of security management by trends like BYOD, and there is little doubt that a Security-as-a-Service provider is more likely to succesfully adapt to changes to the threat landscape than the 13 percent of SMB IT staff who specialize in security, according to the report.
While targeted attacks like the massive disruption suffered by Dyn last week are less concerning to SMBs, viruses and malware have caused a loss of productivity for 41 percent.
“On the one hand, (SMBs) typically have a lack of resources, budgets and security expertise that can make them attractive to cybercriminals,” Vladimir Zapolyansky, head of SMB marketing, Kaspersky Lab said in a statement. “On the other hand, increasingly complex security environments resulting from trends such as the volume of mobile devices they need to protect requires action. This makes it all the more important to spend budgets wisely and look at other options for remaining vigilant and getting the protection they need, and by taking a SaaS approach to security, SMBs can take advantage of endpoint security solutions without having the hefty budgets of enterprise counterparts.”