More than half (57%) of SMBs plan to increase their security budget in 2024
Almost half of small and medium-sized businesses and enterprises (46 percent) have experienced a ransomware attack, according to a new global survey, yet 65 percent of SMBs don't think or aren't sure they are a ransomware target; a slight increase from 59 percent in 2022. More than half (54 percent) of enterprises also don't think, or aren't sure, they are a ransomware target.
While the majority of organizations don't believe they will be victims of a cybersecurity attack, they do understand the business risks as evidenced by increased security spending and plans to expand security teams.
Waterloo, Ont.-based OpenText’s annual 2023 Cybersecurity Global Ransomware Survey also found that 90 percent of SMBs are extremely or somewhat concerned about a ransomware attack. This is a slight increase from the previous year's 88 percent. Similarly, most enterprises (87 percent) are extremely or somewhat concerned about a ransomware attack.
Over half (54 percent) of SMBs and enterprises feel more at risk of suffering a ransomware attack from increased AI use by threat actors.
Businesses are still taking threats seriously with plans to increase security budgets and expand security teams, the survey found. More than half (57 percent) of SMBs plan to increase their security budget in 2024. Of these, 40 percent plan to increase budgets by 5-to-10 percent. Thirty-three percent plan to increase budgets by 10-to-20 percent. Similarly, 53 percent of enterprises plan to increase their security budget in 2024. Of these, 37 percent plan to increase budgets by 5-to-10 percent, while 31 percent plan to increase budgets by 10-to-20 percent.
Moreover, 44 percent of SMBs and 43 percent of enterprises plan to increase the number of employees working on cybersecurity.
"The conviction 'it won't happen to me' is a risky mindset,” said Prentiss Donohue, executive vice president at OpenText Cybersecurity. “Cyberattacks have become increasingly common and can have serious consequences. No business is immune to an attack. While many businesses take the right defensive steps like using access controls, deploying backup and monitoring for threats, a layered security approach that includes education remains the best defense against ransomware. Ongoing education of the risks as well as the techniques used to perpetuate an attack is essential to avoid falling victim."
OpenText Cybersecurity polled 2,016 security, IT professionals, and business leaders from SMBs with up to 1,000 employees, and enterprises with more than 1,000 employees in the US, the UK, and Australia from September to October, 2023. Respondents represented a range of roles from security and technical employees to the C-Suite, and across multiple industries.