More than three quarters (77 percent) of small and medium sized businesses (SMBs) expect at least half of their cyber security needs will be outsourced within the next five years, and 78 percent plan to invest more in cyber security within the next year, according to the results of a recent survey of 850 SMBs in the U.S., U.K., Belgium, France and Germany.
The report, Underserved and Unprepared: The State of SMB Cyber Security in 2019, also finds that SMBs are actively looking for better security – fully 89 percent of respondents would consider hiring a new managed service provider (MSP) if they offered the right cyber security solution, and 24 percent have already changed MSPs following a cyber attack.
Among SMBs that have been hit by a cyber attack, the average total business cost was $53,987.
Sixty-two perfect of SMBs say they lack the skills in-house to deal with security issues, and 52 percent feel helpless to defend themselves against new forms of cyber-attacks. Just 37 percent feel their customers' data is very well protected against cyber attacks, and just 38 percent say the same of internal applications.
And they're notably lacking in several key areas of security – 52 percent have no incident response plan, 51 percent lack cyber security insurance, 43 percent have no endpoint protection in place, and 40 percent don't conduct security awareness training.
As SMBs look for help, price isn't as much of an issue as one might expect. Respondents who are planning to change providers say they're willing to pay an average of 24 percent more for the right cyber security offering, and 47 percent of U.S. SMBs said they would pay at least 20 percent more for the right cyber security solution from a new MSP.
Globally, SMBs said they're willing to pay an average of 27 percent more for the right cyber security offering.
Counting on Managed Services
"We have seen first-hand that the number one reason MSPs lose business today is over concerns about cyber security, and this data now proves it," Continuum CEO Michael George said in a statement.
"Providers across North America and Europe should heed the warning presented by these findings," George added. "Businesses expect to be protected by the MSPs, and not only will they jump ship to providers that offer a better cyber security solution, they will pay more to do so."
Notably, many respondents said they would blame providers for cyber security issues even if the MSP isn't currently providing them with security solutions – three quarters of SMBs who don't currently outsource cyber security would still hold their MSPs accountable in the event of a breach.
"It's clear from today's report that when MSPs get cyber security right, they stand to not only win business from providers that don't, but also increase their revenue streams from their SMB clients and have a better chance of retaining their existing client base," Continuum senior director of security product management Brian Downey said. "If MSPs can deliver the right cyber security solutions to their end clients, they will hold the competitive advantage in the SMB market."