FastestPass Report: Strategies for SMB
Leaders Facing the Cybersecurity Disconnect
When it comes to cybercrime, small and medium-sized businesses (SMBs) have a growing target on their backs. Bad actors identified the vulnerability of these organizations with limited resources and underdeveloped cybersecurity policies. Furthermore, these smaller entities are often seen as gateways to larger organizations within the supply chain, making them potentially lucrative targets for attacks.
98% of cyberattacks on SMBs were financially motivated, with 54% involving compromised credentials - 2023 Verizon DBIR
To shed light on how these trends are playing out within SMBs, FastestPass recently polled more than 600 business and IT security leaders from companies with fewer than 3,000 employees.
The survey revealed a concerning pattern: while SMB leaders are becoming more proactive in their approach to cybersecurity – increasing awareness of and investment in security measures, for example – respondents identified that human factors are still creating serious security gaps that can leave these organizations vulnerable from cybercriminals.
Revealing the Accountability Disconnect
The most salient phenomenon the survey identified is the accountability disconnect between executive actions and employee behaviors.
Executives are increasing their focus on and investment in cybersecurity, with 90% of IT leaders and 80% of non-IT leaders reporting an increased focus on cybersecurity measures over the past year, and 82% of businesses boosting their cybersecurity budgets.
In turn, 92% of executives and 93% of IT leaders reported believing employees understand security expectations. And the majority of executives and IT leaders reported feeling confident about their cybersecurity measures, with only 30% of leaders believing their company faces a high risk of cybersecurity issues.
While SMB leaders are becoming more proactive in their approach to cybersecurity, human factors can still create serious security gaps that leave these organizations vulnerable.
However, the survey results suggest a different reality on the ground:
-
Only 78% of non-IT leaders believe employees understand the security expectations of their jobs
-
1 in 5 business leaders admits to circumventing security policies
-
1 in 10 IT security leaders admits to circumventing security policies
-
1 in 4 younger workers are likely to break policies
-
36% of Gen Z professionals admit to writing down passwords
The survey suggests that while financial investments in cybersecurity are increasing, qualitative investments are equally crucial.
How to Close the Gap: Cybersecurity tips and best practices
Considering these findings, SMB leaders can enhance their cybersecurity strategies by focusing on policy improvements, employee education, and cultivating a culture of security awareness.
