How SMBs are evolving their cybersecurity operations practices

While 81% of SMBs are monitored by a security operations center (SOC), 57% do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the past three years, the lack of 24/7 coverage continues to put SMBs at risk, according to a survey by Forrester and Pondurance.

Cybercriminals and threat actors work around the clock, with attacks originating from around the world. Therefore, all businesses, including SMBs, need to be always on alert for new threats and available to respond at any moment to an incident.

Of those with an internal SOC, 64% have 10 or fewer employees (and almost a third have 5 or fewer). Those operating a purely internal SOC and attempting to operate 24/7 run the risk of exhausting their employees.

The right partners are crucial to security operations

Despite critical and expanding cybersecurity threats, SMBs struggle to fill internal security technology and staffing gaps, leaving them with serious resource constraints throughout the threat management lifecycle. The study found that the best way for SMBs to seal internal security gaps is through reliance on external partners, especially those that can truly act as extensions of their own teams.

SMBs are looking to engage with outside partners that can offer close collaboration during incidents (52%) and to fill internal skill gaps (47%). Additionally, the ability of external partners to help round out SMB cybersecurity capabilities not only mitigates risk to the business, but also helps satisfy cyber insurance requirements, according to 42% of respondents.

“SMBs face the same threat landscape as larger companies, but with fewer people and more limited budgets and security expertise. Countering these threats requires an external partner to help,” said Doug Howard, CEO of Pondurance. “What’s impressive about the study’s findings is that SMBs appear to have a firm grasp on the benefits of engaging external partners to help them mature their security operations practices to mitigate risk. But it takes the right kind of partner to ensure that SMBs realize these benefits.”

The study found that most SMBs lack the internal tools and headcount to continuously monitor and respond to threats. 67% of SMB respondents report that engaging external security operations partners is crucial to maturing their security operations practices. By engaging the right security operations partners, respondents expect to see increased customer trust (49%), reduced risk (47%), increased revenue (45%), improved efficiencies (44%) and increased employee engagement (44%).

SMBs benefit greatly from managed and consulting services

While very few respondents in this study report struggling with a lack of executive leadership when it comes to cybersecurity issues, respondents report lacking the right tools (36%), bandwidth to work proactively (31%), cyber skills (42%) and employee awareness (41%) to deal with growing cyber threats.

In response, the study found that SMBs are turning to external partners to elevate their detection and response capabilities. The top tools and services SMBs plan to implement in the next 12 months are Managed Detection and Response (MDR) at 38%, Extended Detection and Response (XDR) at 47%, and Digital Forensics and Incident Response (DFIR) at 48%.

SMBs are also not looking for technology alone to address their needs. When asked about their cybersecurity operations budget allocation, respondents report spending 40% on technology/platforms and 60% on managed and consulting services. The combination of technology and service is important, with technology streamlining the work of existing employees and support services helping to expand team bandwidth and expertise.