SMEs perform poorly in terms of cyber resilience
A study by Sophos confirms an above-average risk potential for small and medium-sized companies, primarily due to the shortage of skilled workers.
Sophos has published a new report on the impact of the cybersecurity skills shortage. The report is based on a comprehensive study of 5,000 IT/cybersecurity experts in 14 countries. It reveals some serious consequences for small and medium-sized enterprises (SMEs) and companies with 100 to 500 employees.
The most important results are:
- SMEs are disproportionately affected by the shortage of skilled workers: The lack of internal cybersecurity capability/expertise is ranked as the second biggest cybersecurity risk, surpassed only by zero-day threats.
- SMEs have a higher rate of data encryption in ransomware attacks: In 74 percent of ransomware attacks on SMEs, the attackers succeed in encrypting the data.
- No monitoring: In 33 percent of cases, no one at the SME actively monitors, investigates and responds to alerts.
- Investigating suspicious security alerts is a challenge: 96 percent of employees in SMEs find at least one aspect of investigating suspicious security alerts difficult.
- SMEs struggle to eliminate malicious alerts/incidents: 75 percent of SMEs find it difficult to resolve malicious alerts or incidents in a timely manner.
91 percent of ransomware attacks take place outside normal business hours
Aaron Bugal, Field CTO at Sophos, said: "The lack of in-house cybersecurity skills is one of the biggest risks facing organizations today. When you combine this growing skills gap with the large, additional burnout crisis among cybersecurity professionals, small businesses are even more vulnerable to attack. With 91 percent of ransomware attacks occurring outside of normal business hours, SMBs need to be able to monitor their networks 24/7 to detect malicious activity before an attacker can exfiltrate or encrypt data."
Companies should take stock of their security capabilities and look for ways to improve their overall cyber resilience. It's a delicate balance between people, processes and technology. By understanding the strengths and limitations of their team, organizations can balance these with external expertise and improve their security posture.
Source: www.sophos.de