Fifty-eight percent of SMBs now have a mix of in-office and remote employees, and 58 percent of remote employees work from home 2-3 days per week, according to the results of a recent LogMeIn survey of 500 IT pros at SMBs worldwide.
In response, IT pros are improving their understanding of their networks – just 15 percent of respondents don't know how many endpoint devices their company has, a significant leap from 30 percent in 2018.
Forty percent of respondents expect an increased IT budget next year, while 57 percent expect their budgets to stay the same.
When asked what investments are most important to their company's overall safety and security, the top responses include firewalls (62 percent) anti-virus on endpoints (60 percent), anti-malware on endpoints (57 percent), user authentication (57 percent), and password management (53 percent).
Strikingly, only a third of IT pros are prioritizing patch management.
Still, 32 percent of respondents feel very confident that the security measures they currently have in place are effective. Fifty-eight percent feel somewhat confident.
Among those who don't feel prepared to deal with security concerns, the leading reasons include a lack of IT staff (48 percent), a lack of budget (48 percent), not enough time (39 percent), and not enough IT training (33 percent).
Underestimating the Risks
A separate AppRiver survey [PDF] of 1,083 cybersecurity decision makers at U.S. SMBs found that respondent significantly underestimate the potential impact of a cyber-attack.
While Kaspersky has estimated the average cost of a data breach to a U.S. SMB at $149,000, 67 percent of smaller SMBs with one to 49 employees believe their total damages from a breach would be less than $25,000, and 55 percent believe their damages wouldn't exceed $10,000.
Seventy-two percent of respondents have been hit by at least one phishing attempt within the past quarter, and 54 percent worry that their employees would fall victim to social engineering.
As with the LogMeIn survey, patch management is a significant issue – just 38 percent of respondents apply patches as soon as they become available. That's true even in industries that handle highly sensitive data, such as healthcare/pharmaceuticals (36 percent), government (36 percent) and legal (38 percent).
And even though 32 percent of respondents at smaller SMBs haven't done much to improve their cyber preparedness since 2018, 37 percent of those respondents still think they're in better shape now than they were last year.
"Nearly two decades of constant fear-based messages have taken their toll on smaller SMBs," Zix vice president of marketing Geoff Bibby said in a statement. "Fatalism and a false sense of security are signs that they need more straightforward education and awareness."
"The threats are very real and the stakes are incredibly high, but there are simple ways to make startups and early stage companies much harder targets," Bibby added.