SMB Skills Gaps and #COVID19 Imperil Cyber-Resilience

Skills gaps and mass remote working are the biggest security challenges facing small- and medium-sized businesses (SMBs) today, according to new research from Infosecurity Europe.

The organizers behind the number one cybersecurity event in the region canvassed opinion from nearly 3700 industry experts via a Twitter poll.

A plurality (42%) cited a lack of security expertise as the number one challenge to cyber-resilience facing SMBs, while COVID-related lockdowns came second top with 34%.

According to the latest global figures, industry skills shortages have come down since last year, from 4.07 million to 3.12 million. However, while many are joining the industry, the narrowing gap can partly be explained by job losses during the pandemic.

SMBs often find it hardest to recruit and have fewer resources to spend on training. That’s a concern considering half (50%) of respondents claimed small firms are mainly responsible for in-house education and training.

SMBs are also often hardest hit by recession. A recent study from O2 and the Center for Economic Business Research (CEBR) claimed that small businesses would be hit six-times harder than after the financial crash of 2008.

Unsurprisingly, a quarter (24%) of small businesses said they are spending less because of the pandemic, with only 18% spending more to improve cyber-resilience. Perhaps reassuringly, over two-fifths (43%) said “little has changed” financially.

“Typical challenges such as lack of budget, staff being stretched thin and a changing threat environment have all been amplified in 2020. For many small businesses, the focus was on making sure they could still operate, and concerns like cyber-resilience were not necessarily a priority,” says Heidi Shey, principal analyst at Forrester Research.

“If business is down, cuts have to come from somewhere. Harder-hit sectors like retail or travel had to make different choices than those in a more fortunate position. Most spending was reactive; to support remote work, many had to make investments in things like laptops, VPNs and collaboration applications.”

Infosecurity Europe is scheduled to take place June 8-10 2021 at London’s Olympia.

What’s Hot on Infosecurity Magazine?