The vast majority of small to medium-sized businesses (SMBs) rank security as their top priority, though less than a third of those organizations have a dedicated IT security professional on staff, according to 2018 SMB IT Security Report, released today by Untangle.
More than 350 SMBs worldwide participated in the survey, which attempted to gauge their state of IT security by looking at trends in budget and resource constraints, breaches, IT infrastructure, cloud adoption and the general state of IT. The report found that SMBs continue to struggle when it comes to deploying IT security solutions, largely because of tight security budgets and a lack of expert staff. With more companies planning to implement SD-WAN solutions, increasing reliance on cloud infrastructure is a growing concern for network security.
Additionally, the report revealed that 75% of SMBs have fewer than five physical locations and 60% of those businesses have fewer than 100 end-user devices; however, 34% of all respondents said they do not have BYOD policy. While almost 80% of respondents ranked security as very important to the business, more than half of them are spending less than $5,000 per year for IT security. Of those, half are spending less than $1,000 per year.
Less than 30% of businesses have at least one dedicated IT security professional, and more than 50% of businesses said that they distribute IT security responsibilities across other roles. Budget constraints are the biggest obstacle in advancing the IT security for 47% of survey respondents, while 37% said that they have limited time to research and understand new threats. Another 34% said the skills gap is a problem because they lack the manpower to monitor and manage security (multiple responses allowed).
“SMBs have less expertise and fewer dollars to dedicate to IT security, but they are the primary target of a growing number of phishing and malware threats, particularly as they move towards more cloud-based tools,” Scott Devens, CEO at Untangle, said in a press release. “This report confirms that SMBs are in dire need of easy-to-deploy, intuitive solutions to protect their networks that don’t require hiring additional personnel or time-intensive commitments from existing staff.”