Date: 2023-04-26

The approach to cybersecurity of SMEs from different sectors and risk factors: the analysis by Fabio Buccigrossi, Country Manager of ESET Italy.

As threat detections continue to increase, the growing cybersecurity skills gap leaves companies exposed. The problem is felt particularly by SMEs, which are forced to cut expenses due to the current economic climate.

For this reason, we recently surveyed over 700 SMBs from different industries to check their ability to detect and deal with the latest cyber threats. The differences are stark. Some industries have great confidence in their own internal cybersecurity expertise. Others prefer to outsource their management to an expert to ensure proper protection.

Business and professional services

Data suggests that over a quarter (26%) of SMBs in the business and professional services sector have little or no confidence in their in-house cybersecurity expertise. Just under a third (31%) feel their teams lack understanding of the latest threats. Additionally, a third (33%) say they have difficulty determining the root cause of a cyber attack. Nearly 4 in 10 SMBs (38%) in the Business & Professional Services category manage their security in-house, slightly more than the average SMB (34%).

Half outsourcing

Just over half (54%) prefer to outsource it instead. However, a further 8% are moving to outsource their cybersecurity management within the next 12 months. Only 24% of SMEs operating in the sector prefer to keep security management in-house, the lowest figure of all sectors examined. Just over a quarter (26%) choose to rely on a single security vendor and 40% on multiple providers.

Financial services

Nearly 3 out of 10 SMEs (29%) operating in the financial services sector have no trust in their internal information security expertise. An even greater number (36%) do not believe their employees’ understanding of threats is sufficient. However, only 26% of SMBs feel unable to determine the cause of a cyber attack, less than the average SMB (29%).

Managing security in-house: the SME approach to cybersecurity

Only 28% of SMEs in the sector manage their security internally, the lowest figure of all the sectors analysed. Almost two thirds (65%) outsource it, much more than the average SME (59%). Just over a quarter (26%) prefer to keep security management in-house. The same number prefer to outsource to a single provider, while 39% prefer to outsource their security to multiple providers.

Manufacturing and industrial industry

A third (33%) of manufacturing and industrial SMBs have little or no trust in their in-house cybersecurity expertise, much more than the average SMB (25%). Four in 10 (40%) believe their employees lack understanding of security threats, more than any other industry. However, only 29% fear having difficulty determining the cause of a cyberattack. Only 3 out of 10 SMBs (30%) manage security internally. More than double (63%) prefer to outsource it instead, the second highest figure among all sectors.

A third (33%) of SMBs in the industry prefer to keep cyber security management in-house, the highest percentage of all industries. Only 24% choose to rely on a single supplier, while 35% turn to multiple providers.

Retail, wholesale and mass distribution

Four out of five SMEs (80%) in the retail, wholesale and mass distribution sector have moderate to high trust in their in-house cybersecurity expertise, the highest of all sectors. Expectations on the skills of the IT team are also far higher than those found in the manufacturing sector (67%). Three-quarters (74%) of SMBs have moderate to high confidence in their employees’ understanding of security threats, compared to just 64% of financial services SMBs. Similarly, 79% of SMBs trust their ability to determine the cause of an attack.

SMB approach to cybersecurity, analysis of the ESET report

More than 4 in 10 SMBs (41%) manage their cybersecurity in-house, the highest percentage of any industry. For this reason, only 53% currently outsource their security. However, 6% intend to do so in the next year. Approximately 3 out of 10 (31%) SMBs operating in the sector show a preference for internal security management. The same number prefer to rely on a single provider, while another 28% turn to multiple providers.

Technology and telecommunications

A quarter (25%) of SMEs operating in the IT and TLC sector do not consider their in-house IT security expertise sufficient, although 78% have low to high confidence in their employees’ understanding of security threats. More than three-quarters (77%) trust their ability to determine the root cause in the event of an attack. Perhaps unsurprisingly, more SMBs (37%) manage their cybersecurity in-house than the average SMB (34%).

Prefer a single supplier

However, more companies in this sector outsource their security than in retail (58% vs. 53%). Three out of 10 SMBs (31%) prefer to keep security management in-house. Instead, 23% choose to rely on a single supplier and 36% on multiple providers.

A false sense of security? The SME approach to cybersecurity

SMBs adopting an in-house cybersecurity management approach can make the mistake of overestimating their level of protection. When opting for a strategy of this type, it is recommended to carry out regular security audits by third parties and to create and update security policies on a regular basis.

The Digital Security Sentiment Report 2022 from ESET clearly shows the direction in which growing security needs are sending SMBs. 32% of companies surveyed reported using endpoint detection and response (EDR), XDR or MDR. 33% are planning to leverage this technology in the next 12 months.

With the majority of SMEs in the IT and telecommunications (69%), manufacturing and industrial (67%) and financial services (74%) sectors preferring to outsource their security activities, one question remains unanswered by this survey: which specific types of companies in these verticals are prioritizing retaining in-house management, and why?