Cybersecurity is an inevitable investment for any modern business, but a skills shortage is making it increasingly difficult for small businesses to recruit and retain cybersecurity professionals.
New research from Sophos shows that the problem disproportionately affects small to medium-sized businesses, with organizations with fewer than 500 employees ranking it as their number two cybersecurity problem, while it ranks seventh among larger companies.
The shortage manifests itself in both a lack of expertise and a lack of capacity. The research found that 96% of SMBs find at least one aspect of investigating suspicious alerts challenging, and that 74% of ransomware attacks against them are successful in encrypting data.
Burnout and fatigue
Smaller businesses don’t have the capacity for vigilant cybersecurity, and in 33% of cases, SMBs don’t have anyone to monitor, investigate, or respond to alerts – meaning many are vulnerable to attack.
More and more cybersecurity professionals are experiencing a significant increase in burnout, with 85% of organizations saying that IT professionals have struggled in the past twelve months.
A worrying report earlier this year found that 74% have taken time off due to work-related mental health issues. With the average ransomware attack costing as much as $3 million in remediation costs, it’s no wonder cybersecurity professionals are feeling the pressure.
Working conditions, high workloads and unreasonable expectations all contribute to a workforce of overburdened IT professionals, who are clearly not given the right tools to carry out their responsibilities, whether that be training or resources.
As our world becomes increasingly digital and companies store more and more sensitive data about their customers, cybersecurity is more important than ever. While it may seem like data breaches are just a part of life these days, there is still enormous pressure on IT workers to protect their businesses.