The past 12 months have spelled heartache for small businesses across the globe. For many, the year has also provided an opportunity to exercise agility, creativity, and adoption of digital practices that have moved from wish lists to must-have lists.

We’ve seen a sharp increase in demand for certain technologies in the past months as businesses of all sizes facilitated a work-from-anywhere approach. Small business leaders have a few things at the top of their minds as in-person workspaces reopen: hybrid work environments, bolstered infrastructure, and improved cybersecurity have become priorities.

The 2021 Security Outcomes Study for SMBs

And that last piece of the puzzle – cybersecurity – was the focus of a Cisco-sponsored survey that was independently conducted and analyzed and released at the end of last year. In our full study, we surveyed 4,800 organizations of all sizes from across the globe about their security practices and the outcomes they deliver. Nearly 20 percent of respondents classified as small and mid-sized businesses (SMBs), with unique security challenges that their larger counterparts don’t face.

We wondered – is that approach to cybersecurity and the unique challenges they face reflected in the answers to the survey? The answer, quite simply, was yes.

We’ve taken those findings and boiled them down for our SMB audience, creating a Cliff’s Notes version (remember those?) of sorts to get to the survey results that resonate most with our small business audience with the 2021 Security Outcomes Study for Small and Midsize Businesses (SMBs).

What did we discover for our smaller businesses? The results might surprise you, namely there are a few areas where SMBs excel in cybersecurity. Hackers and other ne’er do wells are opportunists – you don’t have to be a billion-dollar company to be vulnerable to cybersecurity attacks. And similarly, you don’t need to have giant IT budgets or staffs to have best-in-class security protection against vulnerabilities.

So where are SMBs leading the way in cybersecurity according to the 2021 Security Outcomes Study for SMBs? What are the main outcomes that small businesses should focus on to drive business success? Is there a such thing as too much wine or chocolate?

As a result of our survey, we learned that SMB security is taking care of business. Would you believe that SMBs can teach enterprises a thing or two about effective security? It’s true – the data shows that security and overall business operations are more tightly integrated in small and midsized businesses. This relationship helps SMBs create security approaches that enable the business, one of the three pillars we focused on when creating the study: enable the business, manage risk, and operate efficiently.

Under those three categories, here are our main takeaways from the survey for small businesses.

1. Plan for the worst; hope for the best.

The past 12 plus months have highlighted the need for a rock-solid disaster recovery plan for businesses of all sizes. And among the 25 security practices we tested, prompt disaster recovery capabilities and timely incident response were the biggest differentiators of success between SMBs and their larger counterparts.

How can your small business turn that into a success factor? By leveraging that famous adage, “plan for the worst, but hope for the best.” Have a recovery plan in place for “when” not “if” a security incident occurs. While our survey found that SMBs don’t experience security breaches as often as their enterprise peers, the relative impact is devastating to an SMB’s bottom line.

Let’s take a closer look at the math. When a $100B enterprise experiences a typical cyber event at the cost of $292K to the business, that represents 0.000003% of annual revenues. A small business that with annual revenues of around $100K, on the other hand, will likely lose $24K or more, which equates to nearly one-quarter of their earnings. That’s quite a difference in overall impact.

Being proactive vs. reactive can help SMBs mitigate risk and minimize the overall impact of a potential security event – a winning strategy.

2. Invest in modern technology.

The security threat landscape is forever evolving. And it’s vital to invest in modern technology that keeps pace with it. Of all the security outcomes measured in our report, small businesses that kept their technology up-to-date were more successful in each of the 11 security outcomes we measured. These SMBs were also able to adjust more easily to shifting security needs brought on by COVID-19 and the call for a remote and hybrid workforce.

In short, it’s hard to protect against today’s threats with yesterday’s technology. Let’s revisit the breach scenario outlined above. How can small businesses avoid that? By implementing security processes (think employee education and training new tools and procedures tied to business outcomes) and solutions such as Cisco Designed Secure Remote Work. A layered approach to security helps protect teams, endpoints, data, and ultimately the business from threats while enabling work to happen anywhere.

Also key are cloud-delivered Software as a Service (SaaS) solutions that can be updated and refreshed as new threats emerge. As our work environments continue to evolve in the aftermath of the pandemic, a modern tech stack that enables agility and efficiency while providing security can be a differentiator for SMBs.

3. Keep security priorities top of mind.

Finally, don’t let security slip from your list. From recipes to trip itineraries (oh, the day when we can travel widely again), we know the importance of a plan. The same holds true for small businesses and cybersecurity, particularly when resources are limited and stretched thin. Per the survey results, SMBs that have a sound strategy in place to guide security initiatives were significantly more likely to report successful outcomes. Additionally, a good security strategy was comparatively more important for SMBs than larger enterprises.

When evaluating security priorities and strategies, one word comes to mind – simplicity. But simple doesn’t mean ineffective. A streamlined security strategy that works with the business and keeps up with its evolving needs can delivery higher degrees of success for SMBs than those of larger organizations, per the survey results. This is great news for small businesses, which can prioritize their investments and focus on areas where they see the most return.

Get the 2021 Security Outcomes Report for SMBs

Cybersecurity will continue to be a priority for organizations of all sizes as we transition from fully remote to hybrid work environments. With the right strategy and tools in place, SMBs can become more resilient and agile in our ever-changing security landscape. SaaS solutions, such as Cisco Designed Secure Remote Work and our full range of security offerings, can be a critical success factor in helping mitigate security threats.

For more information on these main takeaways and more, access the full 2021 Security Outcomes Study for Small and Midsize Businesses (SMBs). We also recently held a #CiscoChat Live that covers the findings of the report a bit more in-depth. You can listen to the recording here.


Faith Wheller

Director of Marketing, Global

Small Business