To further assess and understand the current state of cybersecurity programs at these smaller organizations, we surveyed 379 IT and cybersecurity professionals at midmarket and small enterprise organizations in North America (US and Canada).
Omdia view
Summary
Even with continued successful cyberattacks across industries, midmarket and small enterprise organizations frequently fail to react quickly or sufficiently to threats, accepting risk without understanding the potential impact.
A Work in Progress
Despite their need for comprehensive cybersecurity programs, midmarket and small enterprise organizations often have limited budgets and resources, which can make attracting skilled personnel challenging for these firms. Gaps in security visibility, policies, processes, and infrastructure plus a tendency to use older systems and software make these organizations more vulnerable to attack than businesses with more mature and better funded cybersecurity cultures. Even with continued successful cyberattacks across industries, midmarket and small enterprise organizations frequently fail to react quickly or sufficiently to threats, accepting risk without understanding the potential impact. Highly dependent on third-party SaaS applications and infrastructure, smaller companies often lack visibility into operational threat signals, resulting in an excessive progression of attacks before discovery.
To further assess and understand the current state of cybersecurity programs at these smaller organizations, we surveyed 379 IT and cybersecurity professionals at midmarket and small enterprise organizations in North America (US and Canada).
Appendix
Further reading
Author
Dave Gruber, Principal Analyst, Cybersecurity
