Even before the current geopolitical and economic crisis, security teams were feeling squeezed. Back in 2018, (ISC)² conducted a global survey of 1,500 cybersecurity professionals in North America, Latin America, Asia-Pacific and Europe. They found that 59% felt their organizations were at a moderate to extreme risk of cybersecurity incidents because of a shortage of cybersecurity staff.

Have things gotten better over time? Since 2018, we’ve experienced a global pandemic. We continue to see growing levels of geopolitical conflict. Cyber incident costs continue to climb. As a result of these factors, the results from the OpenText Security Solutions’ 2022 Global Ransomware SMB Survey and several other studies should be no surprise. Security professionals are worried that things are getting worse.

Climbing the Wall of Worry

Small and medium-sized businesses (SMBs) appear to be increasingly worried about their current security situation. In the OpenText study, an overwhelming majority (88%) of SMBs said they are concerned or extremely concerned about an attack impacting their businesses. And 52% of respondents now feel more at risk of suffering a ransomware attack due to geopolitical tensions.

Nearly half (46%) of SMBs surveyed have already experienced a ransomware attack. Meanwhile, 66% of respondents are not confident or only somewhat confident that they can fend off a ransomware attack.

Other sources also reveal troublesome rates of cyber incidents. The IBM Cost of a Data Breach report revealed that 83% of organizations studied have had more than one data breach.

Shrinking Budgets and Rising Inflation

Inflationary pressure drives prices up. But the impact is further amplified if security budgets shrink while other prices rise. The OpenText study revealed that 67% of SMBs spend less than $50,000 annually on cybersecurity. Fifty-nine percent reported plans to increase their security budget in 2023. However, 57% fear inflation will lead to a change in plans resulting in budget cuts.

Meanwhile, cyber criminals also face higher costs. To offset inflationary pressure, malicious actors may work harder to pay their bills. Or maybe criminals sense the time is ripe to attack as security teams suffer economically.

Starving Teams

Security teams aren’t getting much relief from their team size, either. According to the OpenText survey, 68% of SMBs have fewer than five people on their security team. Meanwhile, more than half (58%) of respondents use external security management support. Among SMBs that don’t currently use a managed services provider (MSP) for their security needs, 65% are considering doing so.

Another study by VMware shows that 47% of incident responders said they experienced burnout or extreme stress in the past 12 months. Of this group, 69% have considered leaving their job as a result. Organizations are working to combat this, with more than two-thirds of respondents stating their workplaces have wellness programs to address burnout.

Another study from IBM Security conducted by Morning Consult surveyed more than 1,100 cybersecurity incident responders across 10 countries. They found that 67% experience stress or anxiety daily due to the pressures of responding to a cyber incident. Also, more than a third are working over 12 hours a day during the most stressful period of incident response. These engagements typically last about a month.

Are companies planning to expand their team size? This would certainly help ease the pressure. However, larger security teams seem unlikely as brands like Amazon plan to lay off thousands of workers. But what if companies really do want to hire new security pros? The tight technology labor market makes talent acquisition and retention difficult.

The recent ISACA State of Cybersecurity 2022 survey provided some key observations. Unfilled positions are on the rise and existing teams are understaffed.

Small and Medium-Sized Companies Are Struggling

A Cynet survey interviewed 200 Chief Information Security Officers (CISOs) at small and medium-sized enterprises with five or fewer security staff members and security budgets of $1 million or less. This study found that a majority of these organizations were overwhelmed by ongoing waves of cyberattacks.

The surveyed security pros feel pressured by the same threats facing larger organizations, but SMBs lack the financial resources, staff specialists, training and advanced tools to consistently mitigate attacks. Other evidence points towards threat actors preferring smaller targets, such as companies with fewer than 1,000 employees. Those with limited defenses bear the brunt of attack volume with insufficient resources.

Wider Economic Impact

While each company must face its own security challenges, those challenges also create a wider economic problem. How do business owners assess and plan for the risk? What steps should they take, given the large potential consequences involved? Can they afford to spend millions on a data breach? What if they have more than one incident?

This uneasiness forces decision-makers to make hard choices. Do they invest in stronger security? Do they increase the price of goods and services? Either way, the economic impact is real. The IBM data breach report revealed that 60% of breaches led to increased prices passed on to customers. This drives inflation up even more, contributing to a vicious cycle of rising costs.

Security Planning is Core Business Planning

Given the widespread impact of security incidents, business leaders are more concerned than ever. This is why solid security planning has increasingly become essential for business success.

This may be why the Cynet survey revealed a significant year-over-year rise in the use of Endpoint Detection and Response (EDR) tools (from 52% to 85% of respondents), as well as a doubling of Extended Detection and Response (XDR) tool usage (from 15% to 30%). Among respondents, 77% indicated that EDR is now the number one tool for detecting threats, up significantly from 23% in 2021.

Not long ago, security pros thought not in terms of if but when an attack will occur. Now, CISOs must gauge how many times they will be attacked during any given time frame. Ransomware leads to financial, reputational and operational damage. Perhaps future business leaders will be the ones with the best security.
