Cyberattacks and other threats are not limited to large organizations. In fact, small to mid-sized businesses (SMBs) are frequently targeted due to their often vulnerable information technology (IT) security defenses, particularly related to remote workers. 

According to a Devolutions report titled "The State of IT Security for SMBs in 2022-2023," despite 60% of SMBs undergoing at least one cyberattack in the past year, only 18% of SMBs check all the requisite IT security boxes to defend against cyberattacks — and 13% haven't implemented any essential IT security measures.

Cybersecurity still a significant challenge

The survey found that 67% of respondents are more concerned about IT security now compared to a year ago. Top concerns include ransomware (81%), phishing (69%) and malware (38%).

It also revealed that 60% of SMBs have experienced at least one cyberattack over the last year, and 18% have experienced six or more. However, 44% of respondents indicated that they do not have a comprehensive and updated cybersecurity incident response plan in place.

Security budgets trending upward

It’s widely recommended that SMBs allocate between 6-15% of their organization’s IT budget to cybersecurity. The survey found that 68% of SMBs fall in that recommended 6-15% budget range. This is significantly higher than what was reported in last year’s Devolutions survey, which found that just 32% of SMBs were allocating 6-15% of their overall IT budget to cybersecurity. 

The survey also revealed that 46% of SMBs plan on increasing their IT security spending in the next 12 months, while 48% plan on spending about the same on IT security over the next year. This means that SMBs are taking the threats against them seriously and planning accordingly.

For more report information, click here.