SMBs struggling with pace of change 

Following research published by Sage last week, some stark, key findings highlight the growing challenges SMBs are facing in keeping up with and managing threats to their digital estates. 

Following 2,100 online interviews with decision makers in SMBs with up to 499 employees, across nine countries, the key findings are as follows: 

• 48% of SMBs have experienced a cyber security incident in the past year 
• 25% of SMBs have experienced more than one cyber security incident in the past year 

• 51% say keeping on top of new and emerging threats is their biggest challenge 
• 91% of SMBs expect cyber security investments to increase or remain the same in the coming year 
• 69% of SMBs say cyber security is part of their culture, but most only discuss when something changes or goes wrong internally 
• 19% of SMBs rely solely on basic controls 
• 58% backup their data 

• 82% of SMBs have a process in place to manage cyber security risks  

However… 

• 25% of those who have a process in place for remote workers admit not adhering to it 
• 91% of SMBs expect cyber security investment to increase or remain the same in the next year 
• 64% of SMBs use cyber insurance, while 74% plan to use it next year 

• 52% want more support with cyber security education and training 
• 44% say economic uncertainty/cost of living has reduced cyber security budgets 

Amicis’ Analysis 

This comprehensive research across multiple territories re-emphasises what has been recognised for a long time.  SMBs do not, nor should they necessarily posses the capability, tooling or foresight to address the threats facing them.  Cyber insurance continues to be a challenging field to settle on specifics of what can be insured, in given circumstances, and as technology is continually invested in to drive growth and innovation, the human side of cyber will remain the greatest area of weakness, with 95%+ of attacks still emanating from human error. 

The most logical approach SMBs can take is to establish a simple, cost effective understanding of their susceptibility to a cyber attack via regular penetration testing of their environment, supplemented by monitoring of their estate for any suspicious activity that can then be further investigated, delivered by a specialist cyber partner who should be making skills, knowledge, capability and behavioural transfer a staple of their service offering.  Finally, there should be a clear and concise, documented plan for what the business will do when an attack happens. All this serves to protect businesses against attacks, safeguarding their reputation, maintaining compliance; making their technology and people their greatest enablers for growth, innovation and differentiation rather than their weakest assets. 

Where do SMBs start? 

No two businesses are the same.  If you have concerns about your cyber health or simply looking to understand where to begin in addressing threats and securing your business, contact Amicis at hello@amicisgroup.co.uk or click here to arrange a call with one of our team to understand how we’re supporting people in the same spaces as you. 

For the full Sage report, follow this link https://www.sage.com/en-gb/company/digital-newsroom/2023/10/12/cyber-security-for-navigating-complexity-and-building-resilience/