A third of the UK’s small companies have no cybersecurity strategy in place, according to new research. But why is this?
Could it be that the SMB market is under-served by security providers that focus their time on serving clients with bigger budgets and requirements that are better defined?
Trying to address a market consisting of hundreds or thousands of low-spending customers typically comes at too high a cost. Many service providers are unable to operate a viable business in the SMB market segment.
Conversely, SMBs' lack sufficient purchasing power to directly source security 'outcomes' for their business. With so many small business owners living on the edge of solvency I imagine the prospect of sinking cash into security is risible.
But there are solutions and resources available to help more SMBs get to an acceptable level of security readiness.
As a technology partner to many of the UK's leading security service providers I take the view that the industry is ready and able to serve the SMB market at a price which can be borne by SMBs, providing buyers work collaboratively.
We have seen government initiatives in Scotland and London where a single agency has represented the collective security requirements of thousands of member organisations. By pooling resources and budgets, those organisations have been able procure and consume services through collective purchasing arrangements.
The last three years has seen an explosion in cloud-based security services in the market, which permit buyers to self-provision. This brings down the cost of on-boarding and enabling customers.
Helping SMBs to make informed decisions about which security services their business will get the greatest benefit from is still, and will remain for the most part, a hand-cranked process.
SMB buyers typically have little or no exposure to the security market and would rather take personal advice from a trusted advisor rather than trying to self-educate themselves by reading reams of vendor marketing content.
As such, providing a personalised buying experience to thousands of SMEs remains a choke point to servicing demand that buying groups and industry associations must look to address if we are to see a material improvement in the number of SMBs sporting cyber credentials.
While 30% of small firms with under 50 employees claimed not to have a security strategy in place, the number fell to just 4% for medium-sized business (50-249 employees). Equally concerning is the fact that just over a third (35%) of SMBs said they had a basic data protection policy in place, while even fewer (29%) claimed to have a policy for controlling access to systems.