The OpenText Cybersecurity 2023 Global Ransomware Survey sheds light on the evolving threats faced by small-to-medium businesses (SMBs) and enterprises, revealing a paradoxical perception of who is a potential target.
Despite a growing awareness of ransomware risks, there exists a notable disparity in the mindset among SMBs and enterprises. A substantial majority, 90% of SMBs and 87% of enterprises express concern about ransomware attacks. Alarmingly, 46% of both SMBs and enterprises report experiencing a ransomware attack in the current year. Intriguingly, 54% of respondents believe that the utilization of AI by threat actors elevates the risk of an attack.
A contradictory mindset emerges as 65% of SMBs and 54% of enterprises either don't believe or are uncertain about being ransomware targets, indicating a significant awareness gap.
Despite this gap, there is common ground in how both SMBs and enterprises approach ransom demands. A substantial 64% of SMBs and 70% of enterprises firmly reject the idea of paying a ransom. Moreover, 79% of SMBs and 82% of enterprises have established recovery plans to mitigate the impact of successful ransomware attacks, reflecting a proactive stance in addressing potential threats.
Encouragingly, businesses of all sizes are taking cybersecurity seriously and investing in enhancing their security postures. Despite the well-documented talent shortage in the cybersecurity realm, 44% of SMBs and 43% of enterprises plan to expand their security teams in the upcoming year. In response to the shortage, businesses are turning to outsourcing, with 52% of SMBs and 42% of enterprises opting for security services from managed service providers (MSPs) or channel providers.
The commitment to cybersecurity is further evident as 65% of businesses believe their security sectors are adequately funded. Both SMBs (57%) and enterprises (53%) plan to increase security spending in 2024, with 40% of SMBs and 37% of enterprises aiming for a 5-10% budget increase.
Setting priorities, cloud security remains a paramount concern and investment focus for both SMBs (55%) and enterprises (59%). SMBs prioritize cloud security, security awareness training, network protection, and email security in that order. In contrast, enterprises prioritize network protection, cloud security, security staffing, and security awareness training.
To bridge the awareness gap, businesses are intensifying security awareness training efforts. SMBs and enterprises are aligning in conducting regular training sessions, with 83% of SMBs and 96% of enterprises requiring employees to undergo security awareness or phishing training. The increased emphasis on training is a positive step in addressing the disconnect regarding perceived targets in the cybersecurity landscape.
In our blog, we post technology-related articles weekly. Follow us on Facebook and Instagram to get notifications about updates.