CybersecurityManagementSecurity NewswireSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

CISOs at SMBs face unique cybersecurity challenges

By Security Staff
busines-leaders-freepik1170x658v57.jpg

Image by federcap via Freepik

July 13, 2022

Companies with small security teams continue to face a number of unique challenges that place these organizations at greater risk than larger enterprises, according to a new Cynet report, “CISO Survey of Small Cyber Security Teams.” These enhanced risks are moving these companies to consolidate security platforms to fewer, more robust and comprehensive tools to simplify and improve protections.

The survey analyzed responses from 200 chief information security officers (CISOs) at small and medium-sized enterprises (SMEs) with five or fewer security staff members and cybersecurity budgets of $1M USD or less. It found that a majority of these organizations were overwhelmed by an endless volley of cyberattacks. These security professionals report that they are inundated by many of the same threats facing larger organizations but lack the financial resources, staff specialists, training and proper tools to consistently remediate them. 

According to the survey results: 

  • 58% of the responding CISOs felt their risk of attack was higher compared to enterprises, despite the fact that enterprises have a larger target on their back.
  • 94% say they have barriers in maintaining their security posture due to a lack of skilled security personnel (40%), excessive manual analysis (37%), and the increasingly remote workforce (37%), among other factors.
  • 87% have difficulty in managing and operating their threat protection products due to overlapping capabilities (44%) and difficulty visualizing the full scope of an attack (42%).
  • As a result, 90% of small security teams are outsourcing security mitigation to a managed detection and response (MDR) service, while also using managed security service provider (MSSP) services (21%) and virtual chief information officer (vCISO) services (15%). 

The survey also revealed a huge year-over-year rise in the use of endpoint detection and response (EDR) tools (from 52% to 85% of respondents), as well as a doubling of extended detection and response (XDR) tool usage (from 15% to 30%). Among respondents, 77% indicated that EDR is now the #1 tool for detecting threats, up significantly from 23% in 2021. Those reporting network detection and response (NDR) as the primary method for detecting threats fell from 46% in 2021 to only 3% in the 2022 survey. It’s clear that small security teams are seeing the value in robust EDR/XDR solutions, especially in remote working landscapes where employees are often not on the company network. 

 To see complete metrics, analyses and data visualizations, visit www.cynet.com.

KEYWORDS: Chief Information Security Officer (CISO) cyber security endpoint security risk management

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Related Articles

Events

View AllSubmit An Event
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!