There are 5.51 million small and medium-sized businesses based in Britain, making up 99.9% of businesses in the UK private sector. Not only do they represent a significant majority of the economy, but they also employ the majority of the UK workforce: around 61%, or 16.7 million people.
This is a trend that is mirrored globally, with the number of small and medium-sized enterprises rising to 400 million, representing around 90% of global businesses and 50% of global employment.
Despite being the backbone of the global economy, small and medium-sized businesses remain chronically and systematically underutilized by the cybersecurity industry. The vast majority of security tools fail. According to the University of Salford, 43% of cyber attacks target SMEs, and 60% of these organizations in the UK are out of business within six months of the cyber attacks. Globally, the estimates are even starker: The 2023 U.S. Business Impact report shows that approximately 73% of small business owners and leaders experienced data breaches or cyberattacks in the past year. The state of affairs for SMEs therefore remains not only serious, but also existential for their survival.
Simply put, the problems SMEs face are related to financing and resources. But when we dig deeper into how these problems manifest themselves, we understand how completely failed the current generation of enterprise security tools has left them. A recent study surveying 500 US-based SMB cybersecurity decision makers reveals this.
The findings show that cybersecurity teams at SMBs are overwhelmed and failing to properly manage the tools in their stack, as well as the alerts these tools generate.
Somehow, 73% of SMB IT teams reported missing alerts: over a third of respondents admitted to missing a security alert at work, while another 31% admitted to the sensitivity of a security tool to have rejected. Most worryingly, more than a quarter of respondents admit to having completely muted a security alert.
This is likely due to tool saturation, with more than half of respondents reporting that monitoring security platforms was their most time-consuming activity, and the average respondent having to manage more than ten cybersecurity tools at once.
The problem with the tools is compounded by the amount of time required to ensure they are fully operational and working properly with their other tools. On average, it takes 4.2 months for a new cybersecurity tool to be fully operational. Other aspects of the process also waste valuable time that could be spent on more productive cybersecurity tasks: 23% called integrating new tools with the existing security stack time-consuming, while 24% called out installation and 26% referred training staff in addition to the slim majority of 27 % that represented a configuration.
While none of these statistics should come as a surprise, the fact that they have been laid bare reiterates how poorly SMBs have historically been served by the cybersecurity market: they are marketed – and ultimately sold – tools that take months to onboard to arrive and deal with a specific attack. vector. Once these tools are operational, SMEs’ limited ability to effectively manage the results of these tools not only renders them useless, but also hinders their ability to actively defend against cybersecurity threats.
However, the tools and warnings only show part of the picture. SMBs also need to manage significant numbers of endpoint devices: an average of 656 per respondent. For each of these devices, SMBs have an average of four security endpoint agents (used to analyze, block, and monitor device content) per device. These, in addition to the tools themselves, require near-constant updates: 53% of respondents work with agents who require weekly or even daily updates.
Final Thoughts: Consolidate to Survive and Thrive
The picture painted is a bleak one, in which endless, expensive cybersecurity tools fail at the core principle they were designed for: keeping businesses safe.
Fortunately, SMEs and industry appear to be moving towards a solution: consolidation. A whopping 85% of SMBs surveyed said they wanted to consolidate by 2024, with security at the heart of this decision: 60% hoped this would improve security, while a further 19% hoped to reduce workload, and 21% are looking to reduce costs.
When done right, consolidation can do all these things and more. Consolidation-by-acquisition approaches, which have been the cybersecurity industry’s modus operandi to date, effectively bridge the cracks and fail to provide a truly integrated and consolidated solution. A truly consolidated approach should allow SMEs to remain as secure as a large enterprise, without the costs, damage and failures outlined above. A truly consolidated approach should give organizations the confidence to use cybersecurity tools that reduce, rather than increase, risk.
We’ve highlighted the best business VPN.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro