New Study Reveals a Majority of SMBs Lack 24/7 Security Operations to Detect and Respond to Threats

eG Innovations Successfully Completes SOC 2 Type 2 Audit

69% of SMBs report their organizations face critical and expanding cybersecurity threats, making 24/7 coverage essential to mitigating cyberattacks

Pondurance, a leader in Managed Detection and Response (MDR) services, announced today findings from a commissioned study conducted by Forrester Consulting on behalf of Pondurance, which found that while 81% of small and medium sized businesses surveyed are monitored by a security operations center (SOC), most—57%—do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the past three years, the lack of 24/7 coverage continues to put SMBs at considerable risk.

Cybercriminals and threat actors work around the clock, with attacks originating from around the world. Therefore, all businesses, including SMBs, need to be always on alert for new threats and available to respond at any moment to an incident. The study, Attackers Don’t Sleep, But Your Employees Need To, explores where SMBs are in their security operations maturity journey. Of those with an internal SOC, 64% have 10 or fewer employees (and almost a third have 5 or fewer). Those operating a purely internal SOC and attempting to operate 24/7 run the risk of exhausting their employees.

Read More: WinWire Appoints Katy Brown Of Microsoft To Its Board Of Directors

The right partners are crucial to security operations

Despite critical and expanding cybersecurity threats, SMBs struggle to fill internal security technology and staffing gaps, leaving them with serious resource constraints throughout the threat management lifecycle. The study found that the best way for SMBs to seal internal security gaps is through reliance on external partners, especially those that can truly act as extensions of their own teams. SMBs are looking to engage with outside partners that can offer close collaboration during incidents (52%) and to fill internal skill gaps (47%). Additionally, the ability of external partners to help round out SMB cybersecurity capabilities not only mitigates risk to the business, but also helps satisfy cyber insurance requirements, according to 42% of respondents.

“SMBs face the same threat landscape as larger companies, but with fewer people and more limited budgets and security expertise. Countering these threats requires an external partner to help,” said Doug Howard, CEO of Pondurance. “What’s impressive about the study’s findings is that SMBs appear to have a firm grasp on the benefits of engaging external partners to help them mature their security operations practices to mitigate risk. But it takes the right kind of partner to ensure that SMBs realize these benefits. Pondurance has developed its security and advisory services with a deep understanding of the needs of smaller organizations for both best-in-class security technology and the people-expertise to provide 24/7 cybersecurity coverage. It’s literally our mission to ensure that every organization can detect and respond to cyberthreats, regardless of size, industry or current in-house capabilities.”

The study found that most SMBs lack the internal tools and headcount to continuously monitor and respond to threats. Sixty-seven percent of SMB respondents report that engaging external security operations partners is crucial to maturing their security operations practices. By engaging the right security operations partners, respondents expect to see increased customer trust (49%), reduced risk (47%), increased revenue (45%), improved efficiencies (44%) and increased employee engagement (44%).

Read More: SalesTechStar Interview With Doug LaBahn, CMO At Cin7

SMBs benefit greatly from managed and consulting services

While very few respondents in this study report struggling with a lack of executive leadership when it comes to cybersecurity issues, respondents report lacking the right tools (36%), bandwidth to work proactively (31%), cyber skills (42%) and employee awareness (41%) to deal with growing cyber threats.

In response, the study found that SMBs are turning to external partners to elevate their detection and response capabilities. The top tools and services SMBs plan to implement in the next 12 months are Managed Detection and Response (MDR) at 38%, Extended Detection and Response (XDR) at 47%, and Digital Forensics and Incident Response (DFIR) at 48%.

SMBs are also not looking for technology alone to address their needs. When asked about their cybersecurity operations budget allocation, respondents report spending 40% on technology/platforms and 60% on managed and consulting services. The combination of technology and service is important, with technology streamlining the work of existing employees and support services helping to expand team bandwidth and expertise.

Download the complete study here and register to attend our webinar, Attackers Don’t Sleep, But Your Employees Need To, taking place August 18, 2022 at 3:00 p.m. ET with Lyndon Brown, Chief Strategy Officer for Pondurance, and featuring guest speaker Jeff Pollard, VP Principal Analyst, Forrester .

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.