Are companies really well positioned when it comes to cybersecurity? 61 percent of the global companies surveyed in a Bitdefender study attest to improved cyber security. Cybersecurity Posture Survey 2023 highlights the resource situation of cyber defence.
In autumn 2022, Bitdefender asked 1.693 mostly small and medium-sized companies worldwide about how they see their cyber defenses set up. Despite slowly growing teams, a lack of resources is an important issue – but not the central one. Human misconduct by employees seems to be the bigger problem for many.
Many SMEs respond in the study
🔎 51% of respondents believe they have never been the victim of an advanced attack (Image: Bitdefender).
The study proves the low staffing level in the IT defense of small and medium-sized companies. In their own opinion, they have sufficient tools at their disposal, but increasingly also demand prevention and the early detection of dangers. If you want to do this and avert the consequences of human error, you actually have to look for external help in view of the thin human resources. But there may be a problem here: Most of those surveyed would not consider outsourcing IT security. However, IT defense alone can hardly rule out human errors by employees or contain their consequences.
Those responsible for security see the increasing danger from cybercriminals and know that their IT security must do more. For this reason, more and more respondents want to move away from conventional defense and towards holistic approaches with prevention, detection and defense. 53% of the companies and organizations surveyed by Bitdefender in over 100 countries have already taken this path, 32% are testing a more proactive security strategy, and 61% are considering a more proactive defensive strategy in the near future. Nevertheless, looking back over the past twelve months, 2021% of those surveyed are satisfied that their security situation has improved. That is six percent more than in the previous survey from XNUMX. A total of four percent of the study participants assume that their IT security is worse off.
Other key results of the study
🔎 Lack of budget and human error are bigger challenges than lack of staff or lack of technical equipment (Image: Bitdefender).
In 51, only 2022% of companies believed they had NEVER been the target of an advanced attack
Conversely, this means that almost every second company does. 21% see a high probability that such an attack will take place in the near future. Worryingly, only 39% have prepared a cyber defense plan.
Lack of security personnel and skills is the main problem for only one in three companies
Despite all the discussions about the undoubtedly existing shortage of personnel: When asked about the most important challenges to IT security, the factor lack of personnel and skills was only in fourth place with 34%. However, the situation seems to be getting worse. Because that is five percentage points more than in 2021. For most of those surveyed, limited budgets (48%) are the biggest problem. In their eyes, security seems to be purchasable. Unsafe behavior on the part of employees (47%) and human error (43%) are just as dangerous for the study participants. They probably don't lack security tools: Only 15% see the lack of relevant security tools as the biggest problem.
IT security is just one of many tasks
🔎 Outsourcing of IT security is not an issue everywhere (Image: Bitdefender).
A total of 18% of the companies can assign an employee exclusively for IT security issues, in 82% IT defense is one of many tasks for the IT administration. The situation is exacerbated by the fact that IT teams are very small anyway: In 30% of cases, the administrators are lone wolves for everything, in 41% the teams consist of two to four people. When a dedicated cybersecurity team exists, 50% of organizations have one person, and 38% have two to four people. But many companies want to remedy the situation: 21% are planning to hire cyber security personnel. In 2020, this proportion was still 15%. Awareness of the shortage situation is therefore increasing, but is lower than the discussion suggests.
IT security stays in-house
Nevertheless, only just under every fourth company surveyed outsources its security to an MSP, an MSSP or an MDR service provider. But 13% of others are considering doing so. On the other hand, 61% believe that they do not need such help.
“IT administrators have to do a lot – and they do it: The study results show that companies don't hide behind a lack of staff or inadequate technology equipment. Even for automated set-and-forget solutions not even one in four is looking for a priority. People are obviously aware that security is an important and major task," says Jörg von der Heydt, Regional Director DACH at Bitdefender, commenting on this year's results of the study, which has been carried out repeatedly over the past three years.
Companies should not feel safe
Jörg von der Heydt, Regional Director DACH at Bitdefender (Image: Bitdefender).
“However, the positive self-assessment of the respondents regarding their security status should by no means lead them to think they are safe. The conclusion that fully self-managed IT security is sufficient is just as dangerous, especially for smaller companies. Especially since this involves a lot of work: if ease of use and support are top criteria for 33 and 27% of those surveyed when selecting a security solution, this is perhaps a small call for relief. So is the fact that three out of four respondents want a unified security platform across endpoint, network, and cloud.
That outsourcing IT security is not an issue for two-thirds of those surveyed may be understandable due to concerns about the intellectual property of the data and compliance. But it's surprising, because nobody can take care of their IT security alone. Only platform security and outside help ensure adequate IT security.”
Background of the study
For the Bitdefender Cybersecurity Posture Survey Looking Forward 2023, the company surveyed 1.693 companies in 100 countries worldwide. 44% each from North and South America and from Europe. 85% of the companies surveyed from a wide variety of industrial sectors employ fewer than 500 people.
More at Bitdefender.com
About Bitdefender Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de