Serving the Underserved: Why SMBs Need to Be a Priority for Cybersecurity Protection

Brian Thomas

The average cost of a data breach in 2021 was £3.5 million, according to IBM, a record high. When we consider this price in the context of small and medium-sized businesses, it is staggering and entirely unsustainable. SMBs have been historically neglected by cybersecurity companies and it’s time to address that gap by ensuring MSP programmes are curated to serve them.

The Cost of Cybersecurity

We’re inclined to see the risk of a cyberattack as something affecting large enterprises. Indeed, news coverage is often peppered with reports of cyberattacks on large corporations and household names. It’s understandable that these stories dominate the headlines since these large businesses have the most to lose in terms of sheer quantity of valuable and/or sensitive data.

However, it’s worth considering that these consequences are relative, and the repercussions for SMBs can be just as, if not more, destructive – both to internal infrastructure and any third-party associations (i.e., customers). Larger enterprises have the capabilities to implement a more robust cybersecurity strategy as there is typically a higher budget allowance. These defences make it harder for threat actors to carry out a successful data breach and they instead turn their attention to smaller, less-defended targets.

Cybersecurity for Everyone

Simply reading the news will tell you how badly we need effective cybersecurity protection across businesses, but this is particularly true for SMBs and midmarket organisations. In the past, SMBs may not have felt as though they were prime targets, but this is no longer the case. In fact, in such a ransomware-rich environment with continuous malicious attacks, they must be a priority to defend.

When it comes to the channel, we need to be focusing our efforts on the SMBs of the world who have been underserved by the cybersecurity market and simply cannot afford the ever-increasing average cost of a data breach. The risks of financial loss and reputational damage — as well as the repercussions that come with malicious hackers gaining unauthorised access to personal information, intellectual property or data of any variety – are catastrophic for midmarket enterprises. Indeed, they could ground business operations entirely.

According to Hiscox, one small business in the UK is hacked every 19 seconds. As hackers become more sophisticated, this figure will undoubtedly grow, so action needs to be taken to prioritise cybersecurity strategy for these more vulnerable targets. In fact, there’s much to be said for the role MSPs play in facilitating progress.

The Role of MSPs

There are several blind spots in the MSP-SMB relationship that have meant many SMBs aren’t operating with a defensible security infrastructure or a comprehensive security posture. MSPs need to start accommodating and better catering to the needs of SMBs if they’re to successfully mitigate the risk of further cyberattacks. An effective MSP should be explicitly concerned with ensuring any SMB receives up-to-date software and hardware services through a service model.

More specifically, MSPs must provide add-ons to their offering to suit SMBs’ security needs, which would ensure a tailored service that is well-equipped to serve the differing needs of midmarket enterprises. Such attention to detail effectively addresses many blind spots that are currently leaving SMBs vulnerable to destructive data breaches. A blanket cybersecurity strategy could never accommodate the key structural and commercial differences between SMBs and major corporations.

The Changing Landscape of the Channel

MSPs can alleviate the pressures that come with evolving technological advancement. It would be far too expensive for SMBs to consistently upgrade their solutions to satisfy shifting requirements, so outsourcing their security solution is a viable, and indeed favourable option. Operating through an effective MSP ensures SMBs don’t have to invest in expensive hardware and software, continuously updating their model to suit their specific business needs.

An MSP that serves its purpose should provide smaller, and typically less well-defended, organisations with a security safety net. Through a tailored approach, MSPs can ensure security systems are robust, particularly in the current climate, as organisations are facing so many emerging and unknown threats.

What’s more, it is vital that the MSP-SMB relationship is a dynamic one, and that the security needs of the SMB are met and re-evaluated frequently. It’s time for SMBs to become a priority, particularly in the context of boosting the health of the UK economy in the post-pandemic era, as we seek to foster and drive the growth of small businesses.

Brian Thomas is vice president of worldwide MSP and channel programs at Malwarebytes. Thomas brings more than a decade of channel, MSP and distributor leadership experience to the growing channel team at Malwarebytes. You may follow him on LinkedIn or @Malwarebytes on Twitter.