‘Savvy’ SMEs now rival big firms on cybersecurity, says Cisco

• More than half (60 percent) of SMEs have a team of more than 20 employees dedicated for cybersecurity, according to Cisco
• Close to half of SMEs have up to date cybersecurity infrastructure
• SMEs are more likely to be targeted by bad actors as reported by Accenture

According to a recent Cisco survey, SMEs (small and medium sized enterprises) are equally robust and invested in their cybersecurity infrastructure as large corporations. 

With a sample size of close to 500 SMEs (organizations with 250 to 499 employees), the Big Security in a Small Business World: 10 myth busters for SMB security provided insights on the plans, strategies, and realities of cybersecurity infrastructure in the sector. 

The survey revealed SMEs experience a similar amount of downtime as large companies, with 24 percent stating they had faced downtime of more than eight hours last year, only a slight difference to 31 percent of big companies. 

While larger companies are perceived to have the resources and capabilities to respond to these situations quicker as compared to smaller organizations, the report showed otherwise. 

SMEs do not lack cybersecurity resources and, in fact, 60 percent of these companies have a dedicated cybersecurity team with more than 20 personnel. This is hedged against 79 percent of larger organizations that have more than 20 designated professionals for security. 

Commenting on the findings, Wolfgang Goerlich, advisory CISO with Cisco Security, remarked: “I think this shows people at SMBs are much more security savvy than we give them credit for.” 

Despite citing a lack of trained personnel as one of the major challenges, SMEs are faced with other unique challenges, such as a restricted budget and compatibility with legacy systems. Even so, the statistics assert that SMEs are not one to neglect building a resilient cybersecurity system and team.

SMEs are also found to be constantly in the loop of new cybersecurity trends and applying the acquired knowledge to their architecture. Large companies have the advantage of replacing and enhancing elements of their security infrastructure swiftly as soon as new updates emerge, yet a majority of SMEs are diligent in ensuring their infrastructure is up to date. 

About 9 out of ten SMEs stated they regularly update their infrastructure, with 42 percent describing their cybersecurity infrastructure as up to date, next to 54 percent of big companies. 

Part of this may come out of SMEs demanding more from their tools and solutions: smaller businesses were noted to be more careful in spending, and would hold on to equipment until it is deemed insecure or obsolete. They are more likely to stretch their security systems to serve for a longer-term and turn to updates or replacements when necessary. 

With that in mind, we recently covered why bigger investments in cybersecurity don’t always equate to better security – 70 percent of successful breaches originated at endpoints despite higher spend in that threat area. 

Besides SMEs’ prioritization of cybersecurity infrastructure, these organizations are actively rooting out any undiscovered or latent malicious activities within an organization network. 

Goerlich explained the technique of threat hunting “as a more advanced skill” that is generally found in bigger organizations, yet “the democratization of threat intel” has supplemented organizations of all sizes with more information than ever been. 

This could be a driver for up to 72 percent of SME’s proactive role towards cybersecurity as well as 76 percent of large companies with employees tasked with threat hunting. 

It is a positive step that SMEs are vigilant and optimizing cybersecurity defenses. Last October, Accenture, concluded that 43 percent of cyberattacks are aimed towards SMEs, and only 14 percent are prepared to defend themselves. Thus, the current survey by Cisco highlights how SMEs are aware of their vulnerabilities. 

Adding on, the recent implementation of a work-from-home mandate globally poses new and more sophisticated cyberthreats to disperse the workforce now working remotely. 

Companies, regardless of size, are smart not to lower their guard; now more than ever, it is mission-critical for organizations to arm themselves with efficient cybersecurity systems to detect, defend, and cushion any impact from a possible cyberattack.