SMEs are slowed down by insufficient IT security

SMEs are slowed down by insufficient IT security

Share post

Despite increased budgets, small and medium-sized businesses (SMEs) are unprepared for the dangers that come with growth, according to a Check Point survey. This is shown by a current study on the subject of “IT security for small and medium-sized companies”.

Check Point Software Technologies Ltd., a leading global provider of cyber security solutions, has released the results of a new survey by market research firm Analysys Mason on the IT security of small and medium-sized businesses (SMBs). The aim of the study was to find out how SMEs survived the pandemic and how their business and technological needs are changing. The survey found that while SMBs understand that they need to invest in technology to support growth in the hybrid working world, many executives are failing to prioritize IT security.


Cloud, mobile and SaaS technologies

The survey shows that the majority of all companies, including SMBs, have adopted cloud, mobile and SaaS technologies in recent years. As a result, compared to pre-pandemic levels, IT spending has increased, fueling business growth. SMEs have thus accepted to see the hybrid working model as permanent and have increased their investments in communication technologies and services to support remote workers. However, with the use of home and office access points, the attack surface has increased, which increases the risk of cyber attacks. The rise of supply chain attacks, in turn, shows security researchers that cybercriminals are increasingly using the more vulnerable SMBs as an entry point into larger companies. This approach is wreaking havoc on both SMEs and any corporations they interact with.

With a global shortage of IT security professionals, SMBs are now struggling to adequately protect their critical assets, making them a target for hackers. Larger companies tend to have larger IT budgets, making it easier for them to recover from an attack. However, for small and medium-sized businesses, an attack can be devastating. The survey found that among the top impacts on small and medium-sized businesses are lost revenue (28 percent) and loss of customer trust (16 percent).


Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month

By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.


This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at:

Data processing

We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that the personal data of our website visitors is only processed according to our instructions and in compliance with the GDPR.

1.150 SMEs included in the study

The survey of 1150 small and medium-sized businesses in the US, Germany, UK and Singapore also found:

SMEs struggle with a lack of expertise and need support

Less than a quarter (22 percent) of respondents believe they are very well protected against cyber attacks. Only a minority have in-house security specialists or work with a third party. This means that a large number of SMBs either have no security products in use or these products are managed by untrained employees. Although the number of SMBs working with managed service providers (MSPs) to solve IT problems has increased significantly, about a third of respondents said they would like their MSP to provide additional help in improving security.

IT security as an investment

The SMBs surveyed were aware of the disastrous impact of an attack on their business, but agree that their security budgets are inadequate. Security vendors priced beyond their budget have been cited as one of the top challenges for effective protection.

SMEs are adapting to the new circumstances, but mobile security remains inadequate

SMBs expect 40 percent of their employees to work remotely, at least part of the time. The highest priority in all countries was ensuring that IT can be managed and supported remotely, which was confirmed by the purchase of additional laptops and the increase in VPN capacity. However, the survey also shows that adoption of even basic security products is low. The most widely used service, endpoint protection, is only used by 67 percent of respondents. Less than half have some form of mobile security in place.

Eyal Manor, vice president of product management at Check Point Software, reports: “It is reassuring that SMBs have increased their investment in IT security to support business growth and the new hybrid working model, but the right mix of security products is key only part of an effective strategy. With a shortage of cybersecurity staff, SMBs need security solutions that are proven to stop threats, are extremely easy to deploy and manage, and offer the flexibility of an all-in-one solution that combines security and internet connectivity.

Low cost, no need for security experts

SMBs should also look for a consolidated and unified suite that offers a high level of protection for their network, endpoints, mobile devices and email. At the same time, SMB security vendors should adopt a prevention-centric approach that reduces the total cost of ownership (TCO) by reducing the need for additional staff or security experts. SMBs should also consider using third-party managed services providers to gain access to experienced professionals at an affordable cost. Third-party consultants can provide expert advice on the best security solution for each SMB, along with training and ongoing support.”

More at


About check point

Check Point Software Technologies GmbH ( is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.


Matching articles on the topic

iPhones: Secret malware discovered – search tool is ready

A few days ago, Kaspersky discovered sophisticated malware on company iPhones. The campaign, dubbed Operation Triangulation, is apparently still ➡ Read more

Five years GDPR

The European Union's General Data Protection Regulation is exhausting, but a success story. The European Commission should mark the fifth anniversary of the GDPR ➡ Read more

World of work: Return to the office

The "Everywhere Work Report" paints a rather gloomy picture of the hybrid working world in 2023. Because between the expectations of the employees ➡ Read more

Qbot remains top malware

The Qbot campaign, which occurred last month, uses a new delivery method in which an email with an attachment is sent to the target individuals ➡ Read more

The GDPR and the AI ​​Act

The GDPR has now been in force for five years and the European Commission wants to improve the regulation in the first half of the year. ➡ Read more

EU Cyber ​​Solidarity Law: Building a protective shield

In April, the European Commission put forward a proposal for the EU's Cyber ​​Solidarity Law, a multi-billion dollar plan to strengthen cybersecurity ➡ Read more

German companies: 84 percent expect a cyber attack

The Trend Micro Cyber ​​Risk Index (CRI) for the second half of 2022 is here. 84 percent of Germans expect ➡ Read more

New corporate email phishing tactics

Cyber ​​criminals are constantly introducing new techniques and tactics in their phishing attacks to fool victims and bypass security measures. Barracuda ➡ Read more