Lack of cybersecurity skills a serious concern for small businesses

New research shows that a lack of cybersecurity knowledge is causing major problems for SMEs as they struggle to address remote working challenges.

The research, undertaken by Infosecurity Europe who run Europe’s biggest information security event, shows that skills gaps and the new levels of remote working are the biggest security challenges facing small- and medium-sized businesses.

Of the 3,700 SME professionals polled, over 40% cited the lack of appropriate cybersecurity skills as the issue having the greatest impact on their ability to counter the myriad of security-related threats.

And the lack of skills is particularly concerning given that almost half of the respondents (49%) believe it’s up to small companies, rather than the government (32%) or large technology companies (18%), to educate workers on cybersecurity best practices.

The COVID-19 pandemic has, of course, had a major impact in forcing organisations to adopt remote working on a widespread basis, with all of the inherent security threats that this poses. Furthermore this workplace-wide shift has been sudden and wide-ranging, leaving security professionals with little time to respond. 

Of course, the security threats to SMEs are not just about COVID. Recent years have seen a clear increase in hackers targeting businesses with less than 250 employees. Part of this is undoubtedly because the drive for digital enterprise transformation has made larger organisations a harder nut to crack, whilst smaller companies are a softer target and there are more of them to attack.

At a general level the lack of cyber skills is a problem facing businesses of all sizes, in all sectors. For example, the recent 2020 Cybersecurity Workforce Study undertaken by (ISC)²  – the world's largest non-profit association of certified cybersecurity professionals - confirms that the global cyber workforce shortage is currently 3.12 million. More worrying is the indication that employment in the field will need to grow by approximately 41% in the U.S. and 89% worldwide in order to fill the growing talent gap.

The (ISC)² study also found that 56% of respondents were concerned that their organisations were at risk due to cybersecurity staff shortages.

Finally and for many small businesses in particular, the challenge in 2020 has been to simply survive the economic downturn caused by COVID, meaning that concerns about skills shortages and the resultant impact on their cyber-resilience were not necessarily priorities. However, many are now realising that they can no longer ignore the threats that a lack of cybersecurity skills can pose as their reliance on remote working increases.