SMBs: cybersecurity investments up sharply

Despite growing security spending, SMEs lack long-term plans, train staff poorly and don't have ad hoc insurance

2016 was the year of the hackers, marked by the breaches of Yahoo! accounts, cyberespionage during the U.S. elections and the growth of ransomware and DDoS attacks. Even small and medium-sized Italian companies are starting to take countermeasures, but they are still lagging behind on issues such as security and privacy.

The cybersecurity market reached 972 million euros in Italy in 2016, and 74% of this spending involved SMEs. SMBs divided their spending into four different sectors: technology (28%), IT integration services and consulting (29%), software (28%) and managed services (15%). However, these are only short-term solutions that do not ensure total security over time. Experts consider these solutions to be lagging behind current trends, as highlighted by the Information Security & Privacy Observatory of the School of Management of the Politecnico di Milano.

Data provided by the Observatory on Italian SMEs

According to the Information Security & Privacy Observatory, only 39% of companies have an investment plan with a multi-year horizon and only 46% have a Chief Information Security Officer, the managerial profile in charge of security. This is a danger for the security of companies, because the new trends of digital innovation such as Cloud, Big Data, Internet of Things, Mobile and Social require experienced professionals who are constantly up to date on privacy and security. The absence of a Chief Information Security Officer marks a huge gap for Italian companies compared to their competitors in the rest of Europe.

Invest in training

In Italy, the cyber risk insurance market is not yet mature, that is, the market for comprehensive coverage of the damage that hacker attacks cause to companies. Moreover, small and medium-sized Italian companies are the ones in Europe that invest the least in employee training on topics such as cybersecurity and privacy. Many of today's hacker attacks, on the other hand, are the result of carelessness or poor staff training. This is a vulnerability that should be managed more incisively.