Photo of Oliver Pinson-Roxburgh

Oliver Pinson-Roxburgh

CEO and Co-Founder

31st August 2021

Data from’s latest survey reveals serious barriers and misconceptions about cybersecurity among SMBs.

We surveyed over 600 SMBs about their thoughts on cybersecurity, protocols and their overall readiness.

The results were alarming. Not only did data reveal large gaps in knowledge, and in some instances naivety regarding cybersecurity, but many SMBs shy away from essential security measures due to perceived complexity and processes.

Nearly 40% of respondents noted that training was not a business priority. Even more worryingly, more than 1 in 10 businesses never provide training or devote resources to cybersecurity - an aspect of your business that should be considered business-critical.

What is promising is the level of awareness amongst SMBs. The majority of respondents recognize the value of cybersecurity measures but a lack of clarity in the ‘how’ still exists.

We’re here to set the record straight and give you a clear breakdown of why you need to consider cybersecurity as a critical aspect of your business and how it’s not as complicated as you may think.

48% of respondents use 2 or more vendors for cybersecurity solutions

Would you use two different banks for your business? You may have different accounts and account managers, but typically, it is viewed as operationally efficient to have one company handling all your finances. Your cybersecurity is no different.

Streamlining cybersecurity processes is key for SMBs. SMBs are usually time poor with attention focused on other areas of the business. Cybersecurity is, therefore, generally outsourced for different aspects to multiple ‘specialists’. The assumption that having several experts on the roster bolsters cybersecurity, is a false one. Not only is this not cost-effective (finance being a barrier to cybersecurity for many SMBs), it isn’t an effective way to manage an essential part of your business. The benefits of using one vendor greatly outweigh those of multiple companies.

With one supplier you can:

  • Easily keep track of contracts and licenses
  • Reduce the risk of duplication, saving on cost and time
  • Build relationships faster
  • Integrate different products more effectively and efficiently

There may be some pros to working with numerous vendors, but there are certainly more negatives. From our research, operational efficiency is a key factor in decision making for SMBs. Working with several suppliers could be counterproductive to that mindset. Multiple suppliers can overcomplicate matters and potentially increase the number of tools being used on your systems creating confusion, duplication of work and also deliver varying standards of service.

A third of businesses regard ‘employee knowledge’ as the biggest threat to cybersecurity

You can have all the latest high-tech cybersecurity tests and protocols, but if your employees can’t tell the difference between phishing emails or suspicious pop-ups, then you’ve not invested your money correctly.

Your employees are the first line of defense to threat actors. They can identify and report attacks, potentially saving you time, money and reputational damage. Investing in training is an essential component of any business’ cyber resilience. Cyber awareness training is highly recommended for any organization. Providing the basics of the ‘what’ and ‘how’ of cybersecurity will increase your employees’ confidence and directly impact your business.

The majority of respondents (54%) are more concerned about cybersecurity since the pandemic

Cyberattacks did increase during the pandemic. A combination of social factors and the rush to adopt new remote working practices created the perfect storm of opportunity and vulnerabilities. Cybersecurity has become even more business-critical because of remote working and businesses must make it a priority.

Accessing work from personal devices increases the probability of cyberattacks. According to the Department for Digital Culture, Media and Sport, only 23% of businesses cover home-working in cybersecurity policies and 84% of businesses didn’t adjust their practices during Covid-19 despite the increased remote connectivity.

Our findings amongst SMBs, combined with the DCMS report, highlight the need for an updated policy to protect those working from home. Tight budgets mean that it is often not viable to provide equipment to all employees so many use personal devices. Personal devices increase the likelihood of a breach, putting your business’ critical assets at risk. Regular penetration testing is advisable to stress-test your security perimeters. This is particularly important for your networks and cloud server if you’re operating on a hybrid working model.


Cyberattacks are on the rise and every day, cyber criminals use more sophisticated methods to breach your systems. Unfortunately, it isn’t a case of ‘if’ but ‘when’. Using trusted experts to manage your cybersecurity is highly advisable. You need to safeguard your business and you need someone you can trust.

Easily manage cyber risks with

Get access to comprehensive security tools and expertise, without the enterprise price tag.
No advanced knowledge required – we’ll take care of the heavy lifting for you.

Find out more about the 7 steps to securing your business and sign up for a free trial today.