Channel, OT Security

SMBs Acknowledge Key Security Vulnerabilities

One of our recent posts included a general discussion of the challenges that small- and medium-sized businesses face when formulating and implementing an effective security strategy. As revealed in the Webroot 2015 SMB Threat Report, there are significant business opportunities available to MSPs who can help these SMBs meet those challenges. Now let’s drill down and more closely examine the key factors affecting SMB security readiness.

The results of the Threat Report (see our earlier “Attention MSPs: SMBs Need Your Help” post for more information on this research survey) clearly establish that lack of IT resources and skills are a major issue within small- to medium-sized organizations. For example, consider how the survey participants’ responses to the following query broke down:

How is your IT security managed?

  • Less than a quarter of the organizations surveyed (24%) had a dedicated in-house cybersecurity team or individual.
  • The largest segment of respondents (32%) had employees who handled cybersecurity along with other general IT responsibilities.
  • 27% of those queried employed a mix of in-house and outsourced cybersecurity resources.
  • Only 14% of the respondent organizations relied solely on non-IT staff or outsourced resources.

Given the paucity of their in-house IT cybersecurity resources, it should come as no surprise that the survey respondents evinced a significant lack of confidence when answering the following question:

How do you rate your IT security preparedness?

  • 0% — Never be ready to manage and protect against threats
  • 3% — Far from ready to manage and protect against threats
  • 21% — Somewhat ready to manage and protect against threats
  • 37% —Completely ready to manage and protect against threats
  • 39% — Almost ready to manage and protect against threats

There is a direct correlation between the 24% of organizations with dedicated cybersecurity resources and the 24% who deem themselves far from, or only somewhat, ready to handle online threats. In fact, only 37% of those surveyed reported they were completely ready to protect against and remediate threats, while 39% reported being “almost ready.” Thus 63% of all surveyed were not completely confident in their readiness to counter attacks and protect themselves.

The survey participants then assessed their ability to combat threats in four security areas, including the Web, endpoints, networks, and insider threats.

What IT security threats are you completely prepared for?

  • 8% — None of these
  • 52% — Insider threats, such as employees
  • 55% — Unsecured internal and external networks (public Wi-Fi)
  • 60% — Unsecured endpoints including PCs and smart devices
  • 64% — Unsecure websites and phishing attempts

What emerges are revealing insights into the specific threat areas that respondents judged themselves most prepared. Insider threats constituted the lowest percentage, with only 52% of organizations assessing themselves as “completely prepared” to deal with these. Unsecured endpoints continue to cause major issues, as only 60% of respondents were confident they could respond to malware infecting a computer or mobile device.


From these results it’s clear the majority of SMBs are not completely prepared to handle cybersecurity incidents within their organizations, even in key security areas. Savvy MSPs will spot enormous opportunity here! More to come...

Want to find out if Webroot has what it takes to protect your customers? See for yourself with a no-risk FREE trial. You don’t even have to uninstall existing security.

Want to learn more about how Webroot partners with MSPs to delight customers, lower costs, and boost profits? Learn more.

Webroot offers cloud-based, real-time internet threat detection solutions for MSPs and their customers. Read more Webroot guest blogs here.