Enterprises just as vulnerable to IT risk as SMBs, Netwrix survey finds
June 2017 by Netwrix
One third (33%) of large organizations and almost three quarters (73%) of small- and medium-sized businesses (SMBs) do not have a dedicated information security function, according to in-depth survey findings released today by Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments. The new data follows in-depth analysis of Netwrix’s 2017 IT Risks Report, based on responses from more than 700 IT Pros* around the globe.
The survey divided IT risks into three areas - security, compliance and operations:
Among the key findings concerning security – see accompanying infographic - are:
• Over half (56%) of large organizations and four-out-of-five (80%) of SMBs treat cybersecurity as just another part of the general IT function
• Database security is the most important security focus for large organizations (65%) whereas endpoint security is the top security concern for SMBs (60%).
• BYOD and shadow IT are problem areas for organizations of all sizes, yet enterprise and SMB attitudes to it differ greatly. Large enterprises see the challenge as critical for the overall security of their IT infrastructures (34% for BYOD and 41% for shadow IT). SMBs are more concerned about risks from on-premises systems (49%), cloud systems (36%) and corporate mobile devices (34%). Lack of budget and insufficient staff training were named as the main obstacles to better security by organizations of all sizes. In addition large enterprises pointed to the complexity of their IT infrastructures, while SMBs complained about lack of time.
• Organizations of all sizes are planning to a more data-centric approach to security by investing in protection against data breaches (34% of SMBs and 50% of large organizations), intellectual property theft (31% of SMBs and 41% of large organizations) and fraud (31% of SMBs and 41% of large organizations).
• Overall, only 25% of SMBs and 25% of large enterprises say they are well prepared to beat cyber risks.
“Even though large organizations are believed to have significant resources for maintaining security, they are no less vulnerable than SMBs when it comes to actual IT risks. To mitigate those risks, large organizations have been focusing their effort on what is truly critical — data. We see a growing interest from SMBs in adopting a data-centric approach as well. SMBs are striving to gain visibility into user activity around data to become more proactive and successful in dealing with cyber threats,” said Michael Fimin, CEO and co-founder of Netwrix.