NEW YORK — Cynet released its 2021 CISO Survey of Small Cyber Security Teams. Participants included 200 CISOs at small and medium-size enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of $1 million or less.
According to the findings, a majority of these organizations were overwhelmed by the endless volley of cyberattacks. This is due in large part to SMEs being inundated by many of the same threats facing larger organizations while lacking the financial resources, staff, training, and proper tools to consistently remediate threats. Some of the key findings are below.
- 63% of CISOs feel their risk of attack is higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
- 57% of CISOs admitted their ability to effectively protect their companies is overtly lower than they would like it to be.
- 57% of companies indicated they do not have enough skill or experience to protect against cyberattacks.
- 80% of responding CISOs said they would like to invest in more automated security solutions.
Of those using endpoint detection and response (EDR) technology, 87% said it was valuable. However, the vast majority of respondents (79%) said it took their teams more than four months to finish their EDR deployment and become proficient in using the solution.
The top tactic used by these smaller operations to improve processes was investing in automated solutions and processes (80%), followed by investments in security training and certifications (61%), consolidation of security tools and platforms (61%), replacement of complex security technologies (52%), and outsourcing to service providers to fill security tool gaps (51%).
"This analysis looks at the reality of how CISOs with small security teams are taking on increasingly larger security challenges," said Eyal Gruner, CEO and founder of Cynet. "The result of this survey was a rare insight into the inner workings and dynamics of SMEs and a spotlight on how they are responding to the ongoing wave of criminal and state-sponsored cyberattacks."