SMEs Worry About Security But Can't Allocate Budget

Cybersecurity company ESET examined more than 700 SMB-sized companies by industry for their ability to detect and respond to cyber threats. Some industries rely heavily on their in-house cybersecurity skills, while others prefer to hire an outside expert to provide cybersecurity.

Threat perceptions are increasing day by day. Companies' inability to implement cybersecurity measures quickly enough increases the danger. The growing cybersecurity risk stands out as a common problem for SMEs that have to reduce their expenditures due to the current economic environment around the world. ESET's research sheds light on the cybersecurity approaches of SMEs on a sectoral basis.

Businesses and professional services

Research data shows that more than a quarter (26 percent) of SMEs in the business and professional services sector have little or no confidence in their in-house cybersecurity expertise. Less than a third (31 percent) have little confidence that their team will detect the latest threats. One-third (33 percent) believe they will have trouble identifying the root cause of a cyberattack. Almost 4 in 10 (38 percent) SMEs in business and professional services manage their security internally, which is more than the average for SMEs (34 percent). More than half (54 percent) prefer outsourcing instead. However, an additional 8 percent are considering outsourcing their cybersecurity in the next 12 months. Only 24 percent of SMEs in business and professional services choose to keep security management in-house. This is the lowest rate among all industries surveyed. More than a quarter (26 percent) choose to outsource to a single security provider and 40 percent choose to outsource to multiple providers.

Financial Services

Almost 3 in 10 (29 percent) SMEs in the financial services industry have little or no confidence in their in-house cybersecurity expertise. 36 percent have little or no confidence that their employees understand cybersecurity threats. Only 26 percent of SMEs in the financial services industry believe they will have trouble identifying the root cause of a cyberattack. This rate is lower than the average of SMEs (29 percent). Only 28 percent of SMEs in the financial services industry manage their security in-house; this is the lowest rate among all surveyed industries. Nearly two-thirds (65 percent) outsource instead. This rate is much higher than the average of SMEs (59 percent). More than a quarter (26 percent) of SMEs in the financial services sector prefer to keep security management in-house. While the same percentage of SMEs prefer to outsource to a single supplier, 39 percent prefer to outsource their security to more than one supplier.

Production and industry

A third (33 percent) of SMEs in manufacturing and industry have little or no confidence in their in-house cybersecurity expertise. This rate is higher than the average of SMEs (25 percent). Four in 10 companies (40 percent) have little or no confidence in their employees' understanding of security threats, a higher share than in other industries. Only 29 percent think they would have trouble identifying the root cause of a cyberattack in the worst-case scenario. Only 3 out of 10 (30 percent) SMEs in manufacturing and industry manage their security in-house. More than half (63 percent) choose to outsource their security instead, the second highest of any industry. One-third (33 percent) of SMEs in manufacturing and industry prefer to keep cybersecurity management in-house; this is the highest rate among the sectors. Only 24 percent choose to outsource to a single security vendor and 35 percent choose to outsource to multiple suppliers.

Retail, wholesale and distribution

Four-fifths (80 percent) of retail, wholesale and distribution SMEs have moderate or high confidence in their in-house cybersecurity expertise; this is the highest rate among all sectors. It is much higher than the confidence in the IT team's cybersecurity expertise seen in the manufacturing sector (67 percent). Three-quarters (74 percent) of retail, wholesale and distribution SMEs have moderate or high confidence that their employees understand security threats, compared to 64 percent for SMEs in the financial services sector. SMEs in this sector (79 percent) are more confident than those in other industries in their ability to identify the root cause of an attack. More than 4 out of 10 (41 percent) SMEs in the retail, wholesale and distribution sector manage their cybersecurity internally. Only 53 percent outsource their security. However, 6 percent want to do so next year.

Nearly 3 out of 10 SMEs (31 percent) in the retail, wholesale and distribution sector prefer to keep security management in-house. The same percentage of companies prefer to outsource to a single security vendor, and 28 percent prefer to outsource to multiple vendors.

Technology and communication

A quarter (25 percent) of SMEs in the technology and communications sector have little or no confidence in their in-house cybersecurity expertise. However, most SMEs in the industry (78 percent) trust their employees more than others to understand security threats. More than three-quarters (77 percent) rely on their ability to identify the root cause in the event of an attack. More SMEs (34 percent) in the technology and communications sector than the average of SMEs (37 percent) manage their cybersecurity internally. They also outsource their security more than companies in the retail industry do (53 versus 58 percent). Three out of 10 SMEs (31 percent) in the technology and communications sector prefer to keep security management in-house. In contrast, 23 percent prefer to outsource to a single supplier and 36 percent to more than one security supplier.

A false sense of security?

While SMEs in certain industries think they are more secure than others and approach cybersecurity management differently, these SMEs often manage their cybersecurity entirely in-house and therefore have a greater sense of security. Where in-house management is preferred, it is recommended to establish and regularly update security policies alongside regular third-party security audits.

The 2022 ESET SME Digital Security Vulnerability Report shows how SMEs are orienting themselves in line with these increasing needs. 32 percent of surveyed SMEs reported using endpoint detection and response (EDR), XDR, or MDR, and 33 percent plan to leverage this technology in the next 12 months. The majority of SMEs in the technology and communications (69 percent), manufacturing and industry (67 percent) and financial services (74 percent) sectors prefer to outsource their security needs.