Small businesses can't get cyber strategies up and running – here's why
SMBs are turning to outside help to shore up security as internal strategies fall flat
Small and medium-sized businesses (SMBs) across the UK are struggling to get cybersecurity strategy plans up and running, according to new research.
Analysis from Kaspersky shows more than two-thirds (67%) of SMBs lack "fully actionable" cybersecurity strategies. This means that while many have developed theoretical plans for how to tackle growing security threats, real-world implementation is falling flat.
These shortcomings are leaving a concerning number of businesses at higher risk of attacks amidst an escalating cyber threat landscape, the company warned.
"Cybersecurity can't remain a theoretical exercise," commented Pedro Jorge Viana, cybersecurity specialist at Kaspersky. "The findings show that while many SMBs have well-intentioned strategies, these often stay on paper."
So what's hampering cybersecurity strategy plans? A key factor here lies in a chronic disconnect between executives and IT leaders on the importance of cybersecurity, the study noted.
Nearly one-quarter (22%) of IT leaders said C-suite executives do not fully understand the strategic importance of cybersecurity, which is "slowing progress towards effective, organization-wide protection".
While strategies are falling flat, SMBs are turning to outside expertise to shore up defenses, the study noted. More than one-third (38%) of small businesses are now engaging with external cybersecurity partners.
These partners are helping bridge gaps, enabling IT leaders to build long-term sustainable security strategies.
SMBs are increasingly looking for partners that provide continuous awareness training for staff, particularly in defending against threats such as phishing, while partners with incident response capabilities are another key focus area.
Getting plans off the ground
Despite an increased focus on managed services, IT leaders are still pushing to develop their own internal strategies, the study noted. But for many that's easier said than done.
As a starting point, Kaspersky said that IT leaders should focus primarily on implementing "practical, measurable" security practices that can be easily integrated within daily operations.
Simply put, the study found that starting small and building thereafter is the best approach to building a robust long-term strategy. Investment in cyber awareness training and education for staff is also critical, Kaspersky noted.
Finally, emphasizing the importance of cybersecurity to leadership is among the most crucial aspects of any strategy during its embryonic stages. Viana said that creating alignment between IT and leaders is vital.
Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.