It’s thrilling to lead security in small and midsized companies. We face many of the same threats as enterprises. With the growing emphasis on supply chain security, we share the same compliance obligations. We’re closer to the business leadership, and we’re closer to (sometimes embedded within) the IT team. With a fraction of the resources, we pull off the impossible quarter after quarter, year after year.
It’s exciting but it isn’t without uncertainty. As we define strategy and implement security programs, there’s long been a blind spot in how effective any given practice is. What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what works and what doesn’t?
These are the questions the Cisco Security Outcomes: Small and Midsize Business (SMB) Edition report seeks to answer.
The Cisco Security Outcomes Study shone a light on the security practices which most drive security program success. Over 4,800 active IT, security, and privacy professionals from around the world participated in the study. Of those participants, 857 represented SMBs, and their responses form the basis of this follow-up report.
Security teams at small and midsize businesses don’t have room for mistakes. With smaller teams and smaller budgets, there’s greater pressure to make the most of what we do have. The value of this study in identifying what makes for successful security cannot be overstated.
The report is structured around the themes of enabling business, managing risk, and operating efficiently. One way leaders can use this report is to select a top theme, find the outcomes under that theme, and work on the practices that are correlated with that outcome. For example, given the goal of keeping up with the business, we can see practices like resiliency from incident response and disaster recovery provide a surprising role.
Given the report looks at 25 security practices and highlights which actions most increase the chances of achieving security outcomes, we can also use these findings to maximize existing initiatives. As an example, take creating a security culture. This is often associated with learning from prior incidents and creating sound security strategy. An organization with a strong culture program can expand the program to include those practices, thus amplifying what’s already going well.
Successes to celebrate are something I look for in reports such as the Cisco 2021 Security Outcomes Study. Small and midsized businesses outperform their larger counterparts in keeping up with the business. There’s also compelling evidence of the power of IT and security working together to better manage risks. The cause? Perhaps the reduction in siloes and layers. Perhaps the strong relationships that being a part of a smaller organization promotes.
Regardless, the findings are a reminder that your company’s smaller size shouldn’t impede you when building a cybersecurity program.
In fact, the report uncovered three practices which are key drivers for overall security program success:
Defending organizations against cyber threats is tough for any business, regardless of size. But it’s especially true when resources are limited. Read the Security Outcomes Study for SMBs to learn how small and midsize organizations are thriving with a strong cybersecurity strategy. And as always, if you need further guidance, Cisco is here to help.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Partners Social Channels