A number of big name retailers, insurance providers and companies have hit the headlines with their cyber attacks and data breaches over the last year or two. But what about the small and medium businesses? There’s no doubt they have their own security incidents but due to their smaller size we just don’t get to hear about them.

A new report by Webroot has shown that of 700 UK, US and Australian small and medium businesses, 63% consider themselves unprepared to counter cyber security threats. The survey questioned lead IT staff from companies with 1000 or less employees, 60% of whom also felt that their businesses were more prone to cyber attacks due to their poor defenses and inability to cope with an attack once it’s taken place. 55% went so far as to admit that they don’t have the resource to stay up to date with current cybersecurity threats.

The good news about these latter findings is that smaller businesses appear to have realised that they are just as likely to be targeted as larger ones and 81% of them hope to increase their cyber security budgets in 2016. One potential issue seems to lie in the lack of human resources, with 32% of those tasked with managing security doing so alongside other duties. 27% supplement their security efforts with third party assistance and only 24% (bearing in mind some of these have up to 1000 staff) have a dedicated security professional. 81% of respondents also agreed that outsourcing some of their cybersecurity work to third parties would help them to improve their security posture.

Unfortunately the report doesn’t delve into the specific threats, it simply covers ‘insider threats’, ‘unsecured networks’, ‘unsecured endpoints’ and ‘unsecure websites and phishing attempts’. Asked how confident they felt in being prepared for the above, 8% admitted they weren’t prepared to deal with any of them while phishing and website security actually got the most confident response, with 64% stating they were prepared to deal with this type of security issue. Only 52% felt prepared to deal with ‘insider threats’, understandable considering employees are often found to present the greatest security risk.

Asked to forecast potential losses due to cyber attacks in 2016, UK businesses put the figure at an average of $326,000, exceeding the Australian average of $313,000 but quite a way behind the $522,000 average of US respondents.

What’s certain is that as cybercrime becomes increasingly automated and easy to carry out, and as consumers become more aware of the risks, small and medium businesses are also under increasing pressure to step up their security. Whether it’s outsource or human resource, every business needs to be prepared.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.