Coro announced the results of its 2024 SME Security
Workload Impact Report, revealing that cybersecurity professionals are
overwhelmed by the complexity and demands of managing multiple tools in
their security stack, leading them to miss critical severity events and
weaken their company's security posture.
The survey was conducted with 500 U.S. cybersecurity decision makers in
companies of 200 to 2000 employees across a broad variety of industry
sectors. SME and midmarket companies are facing increasing volumes and
complexity of cyberattacks, yet lack the resources and expertise for
adequate defense. Cybersecurity is typically handled by a company's IT
staff, who become quickly overwhelmed by the complexity and
responsibilities of managing their company's cybersecurity program.
According to the survey, 73% of SME security professionals have missed,
ignored or failed to act on critical security alerts, with respondents
noting a lack of staff and a lack of time as the top two reasons.
Respondents gave feedback on the most time-consuming parts of their day,
including monitoring security platforms, managing and updating endpoint
devices and agents, vulnerability management or patching, and
installing, configuring, and integrating new security tools.
Key findings include:
-
Respondents spend an average of 4 hours 43 minutes managing their cybersecurity tools every day, with an average 11.55 tools in their security stack
-
52% of respondents said the most time consuming task was monitoring security platforms, followed by vulnerability patching
-
Respondents estimated it takes 4.22 months for a new
cybersecurity tool to become operational; with equal time spent on
installation, configuration, training staff and integration with their
existing security stack
-
On average, respondents manage 2029.91 end point security agents installed across 655.92 endpoint devices
-
More than half (53%) of respondents must deal daily or weekly with vendors' updates of these endpoint agents
The workload complexity facing security professionals, and the
overwhelming demands it places on already limited resources, are driving
SMEs and midmarket companies to consolidate their cybersecurity tools. A
staggering 85% of respondents say they are looking to consolidate their
tools in the next 12 months. The most important benefit cited was
improving their security posture.
"SMEs are stuck in a cybersecurity hell, constantly overwhelmed by the
thousands of alerts generated by their enterprise security tools that do
not fit," said Guy Moskowitz, Coro CEO and Co-Founder. "The reality is
that enterprise security tools - designed for large teams with endless
resources - have failed SMEs. With limited staff, SMEs struggle with the
complexity of managing their security, torn between budget constraints,
limited resources, and the need for much better security coverage --
this is mission impossible. The most effective way for SMEs to escape
this cybersecurity hell is to adopt a single platform that covers the
entire security span and is designed to reduce workloads through one
dashboard and one endpoint agent."
The SME Security Workload Survey was conducted on behalf of Coro by OnePoll in late 2023. The results can be found here.