Highlights –

  • As per the report, SMBs are fundamentally worried about external threats — attack vectors including ransomware and phishing.
  • Of all the largest businesses surveyed (250 employees), 18% reported having a dedicated cybersecurity budget.

With ransomware attacks on the rise throughout last year, it grabbed the headlines for all the wrong reasons, but the end of the year showed some signs of improvement. A new report by Corvus Insurance revealed that in Q4, the rate of ransomware reached just half of Q1 2021 when it was at its peak — thus registering a decrease from 0.6% to 0.3%. While the average ransom paid in Q3 2021 was atypically high, the entire 2021 ransoms paid by quarter average was USD 167k, 44.2% less than the Q3 figure.

Overall, lesser ransoms are being paid in comparison to those demanded. This fall in cost and severity can partly be attributed to underwriting institutions wanting vigorous backups for insurance coverage. This is driving the broader trend toward more sophisticated and resilient approaches to eliminating ransomware risk.

Regarding the issues and perspectives typical to the small-and-medium-sized business (SMB) segment, Corvus data shows that SMBs are still in the process of building their cyber investments.

According to the survey, SMBs are fundamentally worried about external threats — attack vectors including ransomware and phishing. Furthermore, only 8% of the smallest businesses ( and lt;50 employees) have a dedicated cybersecurity budget.

In context, of all the largest businesses surveyed (250 employees), 18% reported having a dedicated cybersecurity budget. However, overall spending on cybersecurity is rising; about 60% stated that they expect a rise in security spending with support from their CEO and senior management.

However, the respondents put the spotlight on a scarcity of resources and the overall complexity of security as key driving factors currently preventing improvements in their defences. Smaller companies remain worried about staying current on new threats. At the same time, larger organizations are concerned with vendor breaches, bringing to light the fact that many companies may fail to emphasize and act on the need for an internal security culture.