Sophos delves into the current state of cyber security skills gap, exploring its far-reaching implications. Based on a comprehensive study of over 5,000 IT and cybersecurity experts across 14 countries, Small and medium-sized enterprises (SMEs), or companies with 100 to 500 employees, may face severe consequences as a result of this.
Die wichtigsten Ergebnisse sind:
- The lack of internal cybersecurity expertise/experience is ranked as the second-largest cyber-safety risk, surpassed only by zero-day threats.
- Ransomware attacks on small and medium-sized enterprises (KMUs) are often successful, with a staggering 74 percent of perpetrators able to encrypt their data.
- In approximately one-third of small to medium-sized enterprises (KMUs), there is no designated individual responsible for monitoring, investigating, and responding to warnings.
- Approximately 96% of employees in small and medium-sized enterprises (SMEs) find at least one aspect of the study on suspicious security warnings challenging.
- Seventy-five percent of small and medium-sized enterprises (SMEs) find it challenging to promptly address malicious warnings or incidents.
According to Aaron Bugal, Area CTO at Sophos, the lack of internal cybersecurity skills is today one of the greatest risks for companies. As the growing skills gap in cybersecurity is exacerbated by a widespread burnout crisis among professionals, small businesses become increasingly vulnerable to attacks. Since nearly 91% of ransomware attacks occur outside regular business hours, it is crucial for SMEs to be able to monitor their networks around the clock to detect malicious activities before an attacker can exfiltrate or encrypt data.
Companies should conduct an inventory of their security capabilities and explore opportunities to enhance their overall cyber resilience. It’s a delicate balance between humans, processes, and technology. When companies comprehend the strengths and limitations of their groups, they can leverage external expertise to bridge these gaps and enhance overall security posture.
The complete English-language report is available for download.
