Less than half of global SMBs think they’re at risk of suffering a ransomware attack this year, despite more than 60% having already been affected, according to new research from Webroot.
The security vendor polled 600 IT decision makers in the US, UK and Australia at firms with 100-499 employees to compile its latest report: Cyber Threats to Small and Medium Sized Businesses in 2017.
Just two-fifths (42%) claimed ransomware was a major external security threat this year, in spite of major global attacks such as WannaCry and ‘Petya’.
Higher up on the list were DDoS (43%), phishing (47%), mobile attacks (48%) and “new forms of malware infections” (56%).
In the UK, there was a worrying contradiction between the 72% of respondents who admitted their business wasn’t fully prepared to combat such threats, and the 87% who said they were confident that staff could handle any threat.
On the plus side, nearly all (98%) IT decision makers claimed they will increase their annual IT security budget in 2017 compared to 2016.
Part of that comes down to concerns about the impact of a security incident on customer confidence in the brand.
Over half of UK respondents claimed it would be more difficult to restore the company’s public image than to restore staff trust and morale.
A third of UK SMBs have a mix of in-house and outsourced security, a quarter have a dedicated in-house team, and 22% have in-house IT staff who deal with security alongside other tasks.
“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses, as witnessed by the recent outbreaks of WannaCry and not-Petya. This, combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats, is worrying,” argued Webroot’s EMEA regional manager, Adam Nash.
“Small- to medium-sized businesses can no longer afford to put security on the back burner and need to start engaging with the issues and trends affecting the industry.”