A recent survey conducted with 500 U.S. cybersecurity decision-makers from small and medium-sized enterprises (SMEs) reveals significant challenges in managing cybersecurity due to limited resources and increasing attack complexities. The participants, hailing from companies with 200 to 2000 employees across various industry sectors, indicated that their IT staff are overwhelmed by the demands of handling cybersecurity. This is exacerbated by the fact that these companies are facing an increasing volume of complex cyberattacks, making effective defense a substantial challenge.
According to the findings, 73% of cybersecurity professionals within these SMEs have at some point missed, ignored, or failed to act on critical security alerts. The primary reasons cited for this include a lack of staff and insufficient time, underscoring the strain on resources that these companies face. The respondents also noted that a significant portion of their day is consumed by monitoring security platforms, managing and updating endpoint devices, handling vulnerability management or patching, and integrating new security tools.
The survey also highlighted that respondents manage an average of 11.55 tools in their cybersecurity arsenal, spending approximately 4 hours and 43 minutes each day managing these tools. The complexity of these tasks is further compounded by the time it takes to make a new cybersecurity tool operational, estimated at about 4.22 months, with time equally divided among installation, configuration, training, and integration. This indicates a heavy operational burden that could be streamlining their cybersecurity practices.
In response to these challenges, 85% of the respondents expressed a desire to consolidate their cybersecurity tools within the next 12 months, seeking to improve their security posture and reduce the workload. The overwhelming majority see tool consolidation as a vital step towards achieving a more manageable and effective cybersecurity strategy. This shift towards simplification reflects a critical need within the SME sector to adapt to the realities of cybersecurity management, balancing budget constraints, limited resources, and the necessity for robust security measures.
