ESET released its latest study on Small-and-Medium Businesses (SMBs) in the Asia-Pacific (APAC) region. The ESET SMB Cybersecurity Report, which surveyed over 1,400 IT professionals, revealed that despite widespread organisational confidence in cybersecurity, 73% of APAC SMBs were targets of breach attempts or cybersecurity incidents in the past 12 months. The figure was even higher for India, with 88% stating they experienced cybersecurity incidents in the past 12 months. 93% also agree that businesses of their size are more vulnerable to cyberattacks, compared to larger enterprises.
Ransomware, web-based attacks and phishing emails emerged as the top concerns of Indian SMBs. 79% are concerned about the threat of ransomware and alarmingly, 96% might consider paying in the event of a ransomware attack.
Parvinder Walia, President of Asia Pacific & Japan at ESET, highlighted the findings of the ESET SMB Cybersecurity Report: “Our report reveals that although SMBs are confident in their security measures and IT expertise, the majority still faced cybersecurity incidents over the past year. They feel more vulnerable compared to larger enterprises, underscoring the critical need for SMBs to enhance their security posture. It is crucial for SMBs to understand that paying cybercriminals only perpetuates further cybercrime. Instead, they should focus on implementing proactive measures to prevent cyberattacks.”
Top factors contributing to successful cyberattacks
Indian SMBs identify several key factors leading to cyberattacks: 53% point to critical or high-level vulnerabilities, 49% cite inadequate security measures, and 48% highlight the extensive use of cloud applications and services. Additionally, 50% perceive nation-state attacks as a major cybersecurity risk in the next 12 months.
Confidence alone falls short in growing battle against cyber threats
India and New Zealand experienced the highest number of security breaches or incidents, despite expressing the highest levels of confidence in their security systems. 65% of respondents in India and 64% in New Zealand are very confident of their overall cyber resilience, and 88% of SMBs from those two countries experienced a security breach or incident in the past 12 months.
Cybersecurity challenges India SMBs faced
ESET’s study also revealed that despite high confidence in their security systems, 43% rate lacking a dedicated cybersecurity team as one of the top 3 cybersecurity challenges. 36% reported alert fatigue as the biggest challenge, the highest across countries surveyed.
Fortifying defences in the aftermath of an attack
Following a breach or strong indication of a data security incident, SMBs were found to implement a variety of strategies to fortify their cybersecurity. These measures include performing comprehensive cybersecurity risk audits, enhancing cybersecurity training, deploying new cybersecurity tools, and providing internal safeguarding tips and advice. Indian and Malaysian firms predominantly allocate resources to acquiring new cybersecurity tools, at 57% and 58% respectively.
Armed with potential safeguards in the next year
The ESET SMB Cybersecurity Report unveiled the following strategies Indian SMB respondents intend to employ in the next 12 months to bolster their cybersecurity defences and resilience:
Increased investment in cybersecurity
63% anticipate a rise in cybersecurity spending over the next 12 months, with 48% of these firms expecting to do so by more than 80%. In contrast, firms in Singapore and South Korea exhibit a more conservative approach, showing a lesser inclination toward increased cybersecurity expenditure.
Spectrum of solution considerations in the coming year
SMBs in India are planning significant cybersecurity enhancements over the next 12 months. 38% aim to deploy Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), or Managed Detection and Response (MDR) solutions. Additionally, 33% plan to incorporate cloud-based sandboxing, 36% will implement full-disk encryption, and 40% will focus on vulnerability and patch management.
Currently, 69% of SMBs utilize cloud-based cybersecurity management. Key factors influencing the decision between cloud and on-premises solutions include data safety and internet connection speed.
Potential third-party outsourcing
27% of SMBs currently outsource a portion of their cybersecurity responsibilities to a third-party service provider while 22% manage cybersecurity in-house and do not plan to outsource. Looking ahead, 27% of SMBs intend to outsource some or all aspects of cybersecurity within the next 12 months.
ESET’s SMB Cybersecurity Report was conducted in second half of 2023 in partnership with leading market research firm Blackbox, which aims to increase understanding of cybersecurity attitudes and state of cybersecurity practices within SMBs across the region.