A Cynet survey titled “2021 CISO Survey of Small Cyber Security Teams”
revealed that companies with small security teams, generally SMEs, are
facing a number of unique challenges, placing these organizations at
greater risk than their larger enterprise counterparts.
These enhanced risks are moving 100% of these companies to outsource at
least some aspects of security threat mitigation in order to safeguard
IT assets.
In this survey of 200 CISOs at small and medium-sized enterprises (SMEs)
with five or fewer security staff members and cybersecurity budgets of
US$1 million or less, it was found that a majority of these
organizations were overwhelmed by the endless volley of cyber-attacks.
This is due in large part to the fact that SMEs are inundated by many
of the same threats facing larger organizations, but lack the financial
resources, specialist staff, training and proper tools to consistently
remediate threats. According to the research results in this survey:
– 63% of these CISOs feel their risk of attack is higher compared to
enterprises, despite the fact that enterprises have a larger target on
their back.
– 57% of CISOs admitted that their ability to effectively protect their
companies is overtly lower than they would like it to be.
– 57% of companies indicated they do not have enough skill and experience to protect against cyber-attacks.
– 80% of responding CISOs said they would like to invest in more
automated security solutions as these companies look for innovative ways
to do more with fewer heads.
– As a result of the aforementioned, 100% of small security teams are
outsourcing security mitigation to an external provider with 53%
outsourcing to an MDR service and the balance outsourcing to an MSSP
provider.
An advantage that organizations with limited security teams have is
their understanding of the value that solutions like EDR (Endpoint
Detection & Response) provide. 87% of those using an EDR solution
said it was valuable. However, the vast majority of respondents
(79%) said it took their teams more than four months to finish their
EDR deployment and become proficient in using the solution.
The top tactics used by these smaller operations to improve processes
were investment in automated solutions and processes (80%), followed by
investments in security training and certifications (61%), consolidation
of security tools and platforms (61%), replacement of complex security
technologies (52%) and outsourcing to service providers to fill security
tool gaps (51%).