BRATISLAVA, Nov. 10, 2022 — ESET, a global leader in cybersecurity, today released its 2022 SMB Digital Security Sentiment Report, which surveyed over 1,200 cybersecurity decision-makers from small to medium-sized businesses (SMBs) in Europe and North America. The report explores cybersecurity sentiments within the broader context of recent security developments and world events shaping SMBs’ perceptions of security.
According to the new data, over two thirds of SMBs have experienced a data security incident in the past 12 months, incurring an average estimated cost of nearly €220,000. Yet the top concern over the business implications of a cyberattack named by SMBs was loss of data (29%). While these decision-makers are concerned about the possible implications of an attack, 70% of businesses surveyed admitted that their investment in cybersecurity has not kept pace with recent changes to their operational models (e.g., hybrid working).
The latest ESET Threat Report data shows a 20% year-to-date increase in 2022 in threat detections compared to last year. As many as 83% of the polled businesses believe that “cyber-warfare is a very real threat that can impact everyone,” suggesting that the ever-growing threats are significantly affecting SMB sentiment. Also, 74% of SMBs in North America and Europe believe that they are more vulnerable to cyberattacks than enterprises.
Respondents identified the following top cybersecurity concerns for the next 12 months:
- Malware (70% in total, statistically significant difference recorded in Sweden 50%)
- Web attacks (67% in total, statistically significant difference recorded in Spain 87%)
- Ransomware (65% in total, statistically significant difference recorded in Denmark 80%)
- Third-party security issues (64%)
- Distributed denial-of-service attacks (60%)
- Remote Desktop Protocol attacks (60% in total, statistically significant difference recorded in Spain 79%
It is no surprise, therefore, that SMBs’ overall confidence in cyber-resilience for the next 12 months remains low, with only 48% of the respondents claiming to be moderately or very confident in their cyber-resilience. It is worth noting here that the confidence among the respondents from Scandinavia (32%) was significantly lower than the rest of Europe and North America (both at 49%).
Despite major global developments such as the war in Ukraine and continuing remote work arrangements post-COVID-19, SMBs identified the number one factor significantly increasing the risk of cyberattacks as the lack of cyber-awareness among their employees (43%). Other major factors include nation-state attacks (37%), vulnerabilities in the partner/supplier ecosystem (34%), continued hybrid working (32%), and use of Remote Desktop Protocol (31%).