ESET publishes new SMB research and finds that cybersecurity investments are not keeping pace with threats

SMBs in the US are more likely to experience a security breach/incident than those in the US. Canada

SAN DIEGO and TORONTO, November 10, 2022 /PRNewswire/ — ESET, a global leader in cybersecurity, today released its 2022 SMB Digital Security Sentiment Report, which surveyed more than 1,200 cybersecurity decision makers from small and medium-sized businesses in Europe. and North America. According to the new data, 74% of SMEs in North America and Europe believe they are more vulnerable to cyberattacks than businesses. And although these decision makers worry about the possible implications of an attack – including data loss, financial impacts and loss of customer trust – 70% of companies surveyed admitted that their investment in cybersecurity has not kept pace with recent changes to their operational models (i.e. hybrid operation).

Closer to home, the top three challenges identified by SMEs in North America were:

  • An inability to keep up with the latest cybersecurity threats (54%)
  • Keep abreast of the latest cybersecurity approaches and technologies (50%)
  • Budget limitations/lack of investment in cybersecurity (49%)

Given these challenges, it’s no surprise that more than half (51%) of respondents in North America describe themselves as not at all confident/somewhat confident in their cybersecurity resilience over the next 12 months. According to them, the main factors impacting the risk of cyberattacks over the next 12 months were the lack of awareness of employees on cybersecurity, the continuation of hybrid or working from home and the migration of services to the cloud.

“Earlier this month, it was reported that financial institutions have witnessed more than $1 billion potential ransomware-related payouts in 2021 – more than double the amount in 2020 and the most ever reported – yet our research shows that SMBs are not investing enough in solutions, services or employee awareness of cybersecurity,” said Ryan Grant, Vice President of Sales for ESET North America. “Many do not follow basic cybersecurity best practices, such as using multi-factor authentication, regularly updating software and performing regular cybersecurity audits. This is why ESET continues to ‘invest and make available core cybersecurity awareness resources, the latest threat data and intelligence, and a comprehensive suite of security solutions to protect businesses.

While SMEs in United States and Canada face similar concerns and investment challenges, the cybersecurity landscape has its differences. For example, 74% of US respondents versus 56% of Canadian respondents report having experienced or acted upon strong indications of a data security incident or breach in the past 12 months. And 43% of US respondents said they had more than one incident during the same period, compared to 28% of Canadian respondents..

“What the data suggests is that Canadian businesses are experiencing fewer data breaches, which could be due to good privacy legislation that includes the cybersecurity requirement,” said Tony Anscomb, Chief Security Evangelist for ESET. “The data provides a clear indication of a mismatch between the cyberthreat facing SMBs and the investments they are making in cybersecurity. Cybercriminals are likely to redirect their efforts to cut higher-level targets in order to monetize their business – making it essential for SMBs to improve their cybersecurity posture.”

Here are some other highlights from the 2022 SMB Digital Feeling of Safety Report:

SMBs do not take appropriate measures to protect against RDP security issues:
Although 75% of North American respondents consider Remote Desktop Protocol (RDP) to be one of the top factors impacting the risk of cyberattacks over the next 12 months, 77% say they will continue to do so. to use despite security risks. And too few of these companies are taking basic security measures to enforce the use of remote access tools. Nearly 50% (49%) of respondents do not protect logins with multi-factor authentication (MFA) and only 52% keep remote access tools up to date.

Outsourcing vs insourcing:
SMEs in United States differ in their preferred cybersecurity approach from those Canada. 42% of US SMBs keep their cybersecurity management in-house, compared to 25% of Canadian SMBs who prefer to outsource to a single cybersecurity vendor (35%).

“Differences in laws, regulations and privacy requirements across countries and continents can motivate Canadian SMEs to outsource because there is more pressure – and fear of penalty — to get it right,” Anscombe said.

Do companies carry out enough audits?
Less than 50% (49%) of companies surveyed in United States conducted a cybersecurity risk audit in the last 12 months against 60% of Canadian SMEs. Surprisingly, 7% of the United States and 18% of Canada respondents admitted that they had never done an audit. Of those who conducted an audit in the past two years, 53% used an external IT security company or MSP, 34% conducted the audit themselves, and 13% used a combination of the two.

Adoption by SMEs of EDR, XDR and MDR:
27% of SMEs in North America say they currently use EDR, XDR or MDR solutions. For those not deploying these advanced solutions in North America:

  • 25% say it’s because they don’t know enough about EDR, XDR or MDR to consider using them
  • 31% plan to use within the next twelve months
  • 13% would consider using in the next two years and the remaining 4% are not yet considering these solutions

How SMBs select a cybersecurity vendor:
In North America, 41% of small businesses are looking for practical steps to improve security rather than hearing vendor fear-based tactics. 37% of respondents are looking for companies that understand small business. 35% are looking for vendors that provide a single, unified view across multiple tools and attack vectors. Customer service also matters, with 30% rating it as important.

Conducted by Insight Avenue, the 2022 SMB Digital Security Sentiment Report took place at United States, Canada, UK, France, GermanySpain, Italy, Poland, Sweden, Czech Republic, Netherlands, Denmark, Norway and Finland – favor companies with 25 to 500 employees. Of over 1200 respondents, 300 were based in North America.

An overall summary report, which combines data on the threat landscape, is available here.

About ESET

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers around the world against increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, encryption and multi-factor authentication, ESET’s high-performance and easy-to-use solutions protect and discreetly monitor 24/7. 7, updating defenses in real time to keep users safe and businesses running smoothly. without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET R&D centers around the world, working in support of our common future. For more information, visit or follow us on LinkedIn, Facebook and Twitter.