The Facts CISOs of Smaller Enterprises Survey Revealed

The chief information security officer (CISO) is a top executive in an organization. His tasks are to set the vision, strategy, and program for securing the company's information assets and technology.


CISOs from 200 small and medium-sized businesses (SMEs) with five or lesser security personnel and cybersecurity budgets of USD 1 million or less took part in the poll. The survey determined most of these companies to be under siege from an onslaught of cyberattacks.


This group of security experts says the same risks constantly bombard them that more prominent firms face. Still, they lack the funding, personnel, training, and equipment to deal with them effectively.


Survey of Small and Medium-Sized Business CISOs


According to a new poll, small teams outsource security due to a lack of employees, expertise, and resources. It is difficult for CISOs with limited resources to acquire and maintain a complete set of security solutions to safeguard their organizations from increasingly sophisticated attacks. Findings from a recent study show that firms with smaller security teams are at higher risk than bigger ones. As a result of the increased dangers, many businesses are consolidating their security platforms into fewer, more resilient, and more comprehensive solutions.


Managed detection and response (MDR) services, as well as Managed Security Service Providers (MSSP) and vCISO services, are being used by 90% of small cyber teams to mitigate security threats (15 percent ).


Endpoint detection and response (EDR) tool use increased dramatically year over year (from 52 percent to 85 percent of responders), while the use of extended detection and response (XDR) solutions significantly increased. Seventy-seven percent of respondents said EDR is currently the most important method for identifying risks, up from 23 percent in 2021. Network Detection and Response (NDR) decreased from 46% in 2021 to just 3% in the 2022 poll among those who said it was their primary technique of identifying threats. EDR/XDR solutions are becoming more critical for small security teams, particularly in remote work environments where workers are frequently not connected to the business network.


Companies' chief information security officers (CISOs) face an uphill battle in procuring and maintaining various security solutions required to guard against ever-evolving threats. According to the poll, cyber security professionals are constantly revising their defenses due to an uptick in criminal and state-sponsored assaults.


CISOs compared cybersecurity issues and objectives of CISOs at modest and medium firms (500-10,000 people) to those of a comparable study conducted in 2021 when businesses begin to return to "normal."


As a result of a lack of 


  • experienced security staff (40 percent)

  • extensive manual analysis (37 percent)

  • an increasingly remote workforce (37 percent)


Ninety-four percent of respondents said that sustaining their security posture is difficult.


More than half of the respondents had issues controlling and operating their threat protection systems. These are all due to overlapping capabilities and difficulty recognizing the full scope of an attack (42 percent ). 58% of CISOs said they were more likely to be targeted than significant corporations. Because of their size, when asked about the danger of an attack.

The Five Most Important Things We Discovered After Receiving 200 Responses:


1.    EDR Technologies are being used more often because of remote work.


Endpoint detection and response (EDR) solutions would be used by 52% of CISOs in 2021, according to a poll. This year, the percentage has risen to 85%. The rate of companies adopting network detection and response technologies (NDR) has dropped from 45 percent to 6 percent over the last year. By 2022, the number of CISOs and their businesses using EDR products with interconnected signals will be twice what it was in 2011. This change is likely due to the rise of working remotely, which would be more difficult to protect than work done inside the business network.


2. An MDR Solution is used by 90% of CISOs.


CISOs are under growing pressure to fill the industry's significant skills gap by hiring from inside. CISOs increasingly rely on service providers to fill in the gaps in their security teams, particularly in smaller organizations. Managed Security Services Provider (MSSP) was used by 47 percent of CIOs in 2021, while managed detection and response (MDR) was used by 53 percent. Only 21% of respondents utilized an MSSP this year, compared to 90% using MDR.


3. Overlapping Security Measures Plague Small Teams


Most firms with minimal security teams (87 percent) have difficulty managing and operating their security solutions. Regarding overlapping skills, 44 percent of these firms struggle, while 42 percent struggle to get the whole picture of an assault. These issues are intertwined because teams work to see the big picture using numerous technologies.


4. Small Security Teams Mostly Ignore Alerts


Smaller teams are ignoring security alarms. It was 14 percent last year and 21 percent this year that chief information security officers (CISOs) indicated they solely focused on "critical alerts." In the workplace, automation is also becoming increasingly common. In the last year, just 16 percent of minimal security teams indicated they ignored automated remediation signals, but that number has risen to 34 percent this year.


5. A Whopping 96% of CISOs Want to Consolidate Their Security Platforms Shortly


Most CISOs have security tool consolidation on the to-do checklists, up from 61% in 2021. It is not only easier to prioritize and view all threats with fewer alerts as a result of consolidation. Fifty-seven percent of respondents believe it will also prevent them from missing threats. Fifty-six percent think that it will reduce the need for specialized expertise. 39% believe it will be easier to correspond observations and illustrate the cybersecurity risks (46 percent ). Sixty-three percent of CISOs say XDR solutions are their preferred way of consolidation.


How You Can improve Cybersecurity Conditions


No matter what business you're in or how big your company is, you risk a cyberattack. Because they can't buy the same amount of security as major enterprises, small firms are often left unprotected. As a small business owner, you may profit from these cybersecurity recommendations. 


  • If your system is breached, having many layers of protection may assist protect critical data. 

  • To secure your company's data, educate your staff about cyber hazards and how to avoid them. 


Want to Share this Article?

About the author


The writer has a degree in Computer Science with a passion for content writing, my experience spans writing whitepapers, blogs, case studies, research reports, and more.

View More Posts