Ponemon Institute: Management uncertainty, lack of security expertise put SMBs at risk

New research conducted by the Ponemon Institute on behalf of Sophos shows that small and mid-sized businesses (SMBs) face significant risk due to management’s lack of awareness and low prioritization of cyber security.

The survey results from the Risk of an Uncertain Security Strategy report offer revealing and sometimes disconcerting insights into the state of security for SMBs.

Security challenges facing SMBs

The survey of 2,000 IT professionals globally found that 58% believe management does not see cyber attacks as a significant risk to their business—despite the fact that 51% of SMBs experienced data loss or exposure in the past 12 months.

Along with a lack of awareness by senior management, 44% of respondents said cyber security is not a priority issue for the organization. Meanwhile, 42% said insufficient budget is a serious challenge, and 33% said a lack of in-house expertise hampers their ability to have an effective security posture.

Who’s responsible for cyber security?

Many SMBs lack coordination in their approach to cyber security. Among respondents to the Ponemon Institute survey, 31% said there is no one person responsible for setting security priorities. Chief executives are rarely involved in setting security priorities, lending to their lack of awareness about risks.

Read the Ponemon Institute report
Click here for the full survey and our recommendations for SMBs (PDF):

The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations