There can be a whole slate of reasons why a small business doesn’t invest more in IT security: lack of people, money, time, etc. But here’s what may also be holding small businesses back – their managers.
One of the top challenges in ramping up security is getting management on board, according to a new survey from security solutions provider Sophos Ltd. and the Ponemon Institute, which studies privacy, data protection, and information security policy. In a poll of 2,000 employees working to secure the IT systems of their SMBs, a solid 58 per cent said they feel their managers just don’t see cyber attacks as a real risk.
To follow up on that, 44 per cent said they feel having a strong security posture just isn’t up there on their list of priorities.
Another 42 per cent answered by saying their budget isn’t enough to support a full security posture, while 33 per cent said their organizations lack in-house expertise. More striking still, about 32 per cent of respondents said their CIO is responsible for making the final call on IT security priorities – but another 31 per cent said no one at their organization has that role.
Many respondents also seemed to be unsure about whether their organization had been the victim of a cyber attack. While 42 per cent responded with a definite ‘yes,’ and 26 per cent said ‘no,’ another 33 per cent said they were unsure. However, overall respondents seemed more confident about answering whether their organization had suffered a data breach, losing sensitive information on customers, employees, or business partners, with 51 per cent saying yes.
Interestingly enough, only eight per cent of respondents said they don’t have enough people to manage their IT security – although that’s often a common refrain among small businesses.
Still, the study found despite any lingering concerns around security, respondents said they were still embracing shifts into cloud and mobile, adopting applications for these spaces in droves.
Forty per cent said they would ramp up the use of cloud applications and IT infrastructure services in the next year, while 37 per cent said their use would be about the same.
Right now, about 40 per cent of respondents said employees’ mobile devices are accessing business-critical applications, although 69 per cent expect that number to be even higher next year. And while cloud security wasn’t as big a concern among the respondents polled, half of them felt using mobile devices could weaken their organizations’ security postures.