Cybersecurity threats are increasingly prevalent and more dangerous than ever before in today’s technology-driven world. The risk of a security breach is a significant concern for businesses; it not only exposes confidential customer data and erodes trust, but also leads to revenue losses if critical systems go offline due to DDoS attacks.
SMBs and startups are particularly vulnerable to these threats. The impact of a breach on their operations is potentially devastating and addressing the issue can drain their resources. Companies must devote significant resources to maintain and update their systems, train employees on cybersecurity best practices, and deploy effective security software (which is often not an option for many SMBs and startups).
In fact, 42% of SMBs have one employee dedicated to security and 38% have zero employees dedicated to security, according to a DigitalOcean report. Those numbers (at least, in part) explain why SMBs have pain points when it comes to cybersecurity; more specifically, with the time and budget to manage that security.
And security isn’t the only concern for SMBs when it comes to lack of resources, though. The study also found that 74% of businesses say that data privacy is also a top concern for their business – as it should be. However, just like a decent percentage don’t have employees dedicated to security, a majority have zero employees dedicated to data privacy.
“The findings in this report show that SMBs have specific needs and pain points, particularly when it comes to hiring and having dedicated security employees,” said Tyler Healy, Vice President of Security at DigitalOcean. “Even without a traditional security role, there should be someone responsible for making security decisions in every organization; this kind of accountability is crucial.”
Still, even with resources being limited, there isn’t a lack of trying to take measures to prevent cyberattacks. In the report, more than half implemented two-factor authentication, 41% implemented firewalls or security applications and 37% implemented password or access controls.
And when it comes to data privacy, one area of focus for companies that want to ensure their data is protected and secure is reviewing the security and data protection policies of third-party vendors, which can include cloud providers and other technology vendors. According to the study, 62% request legal agreements, such as data protection agreements and privacy policies; 57% request regulatory requirements, such as GDPR, HIPAA or FedRAMP; and 29% request certifications, such as SOC and ISO.
Without dedicated cybersecurity employees, SMBs must act early and trust their vendors (including cloud providers and other security products) to maintain a secure environment in a changing threat landscape. Those that don’t, unfortunately, risk customer attrition, reputation damage and revenue loss.
“SMBs shouldn’t look to overcomplicate their security posture,” said Healy. “Choices to simplify security posture early can pay dividends as a business scales.”
Edited by Alex Passett