SMBs Should Increase Cybersecurity Investment Despite the Economy

Written by

Times are tough. Interest rates are high, a recession is looming and companies are facing layoffs. From huge enterprises to small and mid-size companies, everyone is looking for ways to save. 

At the same time, hackers and cyber-criminals are still seeking ways to make money fast, and during tough financial times, they try even harder. Cyber-criminals see a recession as an opportunity to attack companies while they are at their weakest. Though the inclination may be to cut back on spending in areas like cybersecurity, companies – especially SMBs – need to get their cybersecurity processes in order now more than ever. 

Without proper controls in place, SMBs are easy marks. They don’t have the internal resources or deep pockets of huge enterprises, and if they are breached, remediation and recovery costs could be overwhelming. Over two-thirds (69%) of SMBs believe that an attack could put them out of business, according to ConnectWise. Additionally, National Cybersecurity Alliance figures show that about 60% of small businesses shut down within six months of a cyber-attack. Frankly, it could cost more to recover from a breach than it would have to invest in the right cybersecurity tools in the first place.

SMBs Cannot Afford to Cut Back on Cybersecurity 

Despite the current economy, now is not the time for SMBs to cut back on cybersecurity. On the contrary, keeping your guard up is more critical than ever. SMBs are particularly attractive targets to cyber-criminals who assume, often correctly, that small and mid-market companies don’t have strong security protocols. Hackers think they can get away with a quick attack and steal sensitive information. And they aren’t wrong: our research found that in 2022, the typical mid-market company anticipated between 56,000 and 86,000 attacks – or roughly five to seven attacks per employee per month. The fallout is enough to push an already teetering company over the edge. 

SMBs Should do More 

Although enterprise cybersec spending is strong, most SMBs are still not doing enough. A recent study found that only 8% of companies with under 50 employees and only 14% of companies with 50-249 employees have a dedicated cybersecurity budget; 47% have none at all. 

If and when a recession does hit, SMBs will feel the effects harder than their larger counterparts. While some SMBs might look at their budgets and think they can save by cutting back on cybersecurity, this only opens them up to greater risk. 

The Good News is SMBs Can do More (With Less) 

A recession is scary, but facing a cyber-attack that could flatline a business is much scarier. The key in times like these is figuring out how to save money without forgoing cybersecurity. While it may sound banal, it boils down to the old saying, do more with less

SMBs are, by nature, lean companies that, even under good economic conditions, know how to stretch their resources as much as possible. So take advantage of this superpower to evaluate ways to get more out of your cybersec investment. Here are three considerations that can help:

  1. Train teams to be security-aware: A strong security posture begins with people. Awareness training can help employees significantly reduce their susceptibility to schemes like phishing and become 70% less likely to engage in risky behaviors, saving money in the long run. Conduct periodic reviews of corporate security policies and tools, teach staff which red flags to look for, and keep them informed of the latest threats.
  2. Automate whatever processes possible and leverage AI: There’s a common misperception that AI-enabled technology is designed for bigger companies, but AI and automation free up tons of time and resources, making them powerful tools for SMBs. Automation alone can reduce costs associated with data breaches by 95%, and organizations with fully deployed security AI and automation can contain a data breach 28 days faster and save over $3m per breach. These tools can automatically detect and respond to malware and other threats without human intervention, reducing the costs associated with an in-house security or IT team and freeing up staff to focus on more strategic initiatives. 

  3. Invest in one comprehensive cybersec tool (instead of many point solutions): On average, enterprises have over 40 security tools. But SMBs can’t afford to purchase numerous point solutions, nor do they have the internal resources to learn, configure, and manage multiple tools. SMBs will realize a greater ROI if they invest in a comprehensive tool that covers every cybersecurity need. 

What’s hot on Infosecurity Magazine?