A survey of 600 SMBs (small-to-medium businesses) with revenue between $1 to $40 million, conducted by Provident Bank, finds that about half of the respondents believe their organization is fully prepared for a cyberattack. An equal percentage of respondents, however, admit cybersecurity was enough of a concern that they think about it daily. In fact, well over three quarters (79 percent) conceded that news coverage of international world crises has heightened their awareness of cybersecurity. SMB cybersecurity confidence may be a challenge for MSPs, but there are a few actions that can be taken to help.
Overestimating the strength of SMB cybersecurity postures
Well over half also report they have experienced one or more cybersecurity attacks in the past 12 months, with 27 percent experiencing more than three cyberattacks.
More than two-thirds noted they address cybersecurity within the context of their business continuity plan. A little less than two-thirds said they use secure Wi-Fi to keep data safe, followed by anti-virus software (55 percent) and backup and recovery software (50 percent).
Finally, the survey finds the most feared impact of a cybersecurity breach is increased IT costs (42 percent, followed by a loss of productivity (35 percent) and fines (26 percent).
It’s not clear which of the roughly half of respondents that are confident in their SMB cybersecurity capabilities are already relying on a managed service provider (MSP). However, it’s safe to conclude that there is still a significant percentage of small businesses that may be overconfident in terms of their assessment of their cybersecurity capabilities. For example, 50 percent of small businesses have not implemented backup and recovery software as part of an effort to thwart ransomware attacks. This remains surprisingly high.
Now is the time to engage
The challenge many MSPs face is to find a way to engage small businesses before they experience a cataclysmic cyber incident. Awareness of cybersecurity issues has never been higher and yet appreciation for what level of expertise and tooling is required to address those issues remains relatively low. Historically, MSPs that specialize in cybersecurity have made available free penetration testing services to drive home that point. The trouble is that if the leaders of a small business are confident in their existing capabilities it’s not likely they will invite anyone in who might disabuse them of that notion.
Savvy MSPs realize they need to go to places and events where small business leaders tend to naturally congregate to have those conversations. It may be the local Rotary Club meeting or a church social. The fact that a bank conducted a survey of small businesses suggests there may also be opportunities to partner with anyone who provides financial services to SMBs. Someone they already trust needs to explain why they really need an MSP to protect them, but also increase the likelihood they will file a cybersecurity insurance claim in the event of an attack.
MSPs must be proactive in their local communities
Unfortunately, very few small business leaders are likely to reach out to an MSP on their own volition unless they’ve experienced a cyber incident. And MSPs are not going to be able to meaningfully grow their cybersecurity services business by just waiting for the potential clients to reach out. They need to find a way to become an integral part of a local community. That doesn’t mean online marketing campaigns should be abandoned, but it does mean that as the COVID-19 pandemic continues to wane there is still no substitute for a firm handshake.
Photo: / Shutterstock
