Report – The State of SMB Cyber Security in 2019

Welcome to Brilliance Security Magazine’s “Report Highlight”, where we review and highlight the findings of security industry research and reports.

Today we are reviewing a rather remarkable report published by Vanson Bourne and commissioned by Continuum Managed Services.

Entitled, Underserved and Unprepared: The State of SMB Cyber Security in 2019, this report cites some startling survey results.

The survey queried 850 global organizations with 10 to 1,000 employees.  This research indicates that many of these Small to Midsized Business (SMBs) are not fully educated on what “good security” looks like. This makes them all the more vulnerable to cyber attacks than their larger, more resource-rich, counterparts.  

Some of the report’s key findings include:

Protecting against cybersecurity attacks has become the highest priority for SMBs, both within the business and in terms of investment.  89% report that cybersecurity is the top, or at least in the top five, organizational priorities and 79% say they are planning to spend more on cybersecurity in the next year.

80% say they fear they will be the target of a cyber attack.

Going it alone can be scary for SMBs.  62% say they lack the in-house skills required to deal with security issues and 52% feel helpless to defend themselves from new forms of cyber attacks.

Security is such a driving factor that 93% of SMBs, that use a Managed Service Provider (MSP), say they would consider moving to a new MSP if they offered the “right” cybersecurity solution, even if they weren’t planning to change MSPs.  84% of those that do not currently use an MSP say they would consider using one if they offered the “right” cybersecurity solution.

When it comes to what keeps them up a night, with regards to cybersecurity, 50% indicated that it was the loss of critical data, 43% fear losing customers because of an attack, and 39% are worried about potential damage to their brand reputation.  

Surprisingly, the SMBs involved in this research reported a lack of the following security solutions:

  • 56% have no cybersecurity specific experts in their organization.
  • 52% lack incident response planning.
  • 51% do without cybersecurity insurance.
  • 45% fail to adequately protect their documents.
  • 43% have no endpoint protection solution.
  • 40% do not provide security awareness training.
  • 35% have no network protection.
  • and 31% do without email security.

Cybersecurity is a key factor that affects the relationship between an MSP and their clients.

These results seem to indicate that MSPs need to step up their game when it comes to cybersecurity, given that 81% of the surveyed said they use an MSP, 14% do not – but plan to, and 5% do not and do not plan to use an MSP.  

You can download the full report at

Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine