Security Debt and the SME

Counting the cost of cyber security

Cyber security debt is a result of the perfect storm businesses face as they accelerate towards digital transformation.

Expanding cyber attack surfaces, lack of investment in technology and skills are exposing SMEs to great risk.

A perfect storm

Arguably, businesses have needed to focus on keeping their workforce productive and providing continuity in their performance for their customers. This has led to a large proportion of the workforce working outside the usual place of work, often using their own devices.

As a business leader, it also won’t have escaped your notice the reports across various media of the alarming rise in cyber attacks such as phishing scams and ransomware demands. This isn’t scaremongering, it’s fact. SMEs are now the main target of cyber criminals because they know they’re easier to breach than larger enterprises who have many more safeguards in place.

What is Security Debt?​

Security debt is the continuing accumulation of security vulnerabilities in your software that compound to make it harder (read: impossible) to deploy enough remediation to secure your data and people from attacks. Unlike technical debt, which may get in the way of releasing new features for the needs of the business, the growing pile of security vulnerabilities puts your organisation at an increased risk from cyber attacks. 

81
81% of breaches are caused by credential theft
60
60% of SMEs will go out of business within 6 months of a cyber incident
43
43% of cyber attacks target the SME
How do I know if I have security debt?

Unless you live and breathe your own technology environment the likelihood is, things are getting missed.  Whether you’re aware of it or not, it’s likely you already have some security debt.    This is because the threat landscape is continually shifting and the number of technologies available on the market to fix problems are vast.  Throwing individual technologies at specific cyber issues isn’t the answer.  

For example, many businesses think Microsoft 365 and their Antivirus has their needs covered – this simply isn’t the case. As a business grows it’s exposed to greater and greater risk as security controls don’t keep ahead of the complexities and gaps when a patchwork cyber security strategy is in place. Cyber security debt accumulates as a result of failing to implement the right security controls and cyber security strategy.

I can’t see or feel the debt, why should I care?

The cost of reducing or eliminating security debt is far less than the potential cost of a data breach in terms of incident response, fines, loss of customer and investor trust, and possibly litigation. In many ways, it should be considered an investment – an insurance policy, if you like.

Be smarter, more is not more

No business has unlimited budget or skills within their business to throw at their security posture, nor should it be required.  Some businesses buy way too much security software because they think more is more.   

The key is understanding what you need to protect and applying the right resource to it. 

Start the conversation

Talk to your employees, tell them how to look after your data and behave online. 

Talk to your board and get them to understand the importance of prioritising cyber security and the implications for business continuity if it’s not .

Talk to us.  Even implementing basic security best practices or managing a limited amount of cyber security technology can be a big task without any, or the right, staff. We know our stuff and are happy to take time to understand what your business needs. Book some time in our diary, or request a call back.  


Malcolm Orekoya, Chief Technology Officer, NetUtils
About NetUtils

Our customers aren’t guinea pigs.  When we recommend a solution, you can be sure it’s been tried, tested and trusted.​ Our 28-year heritage comes with over 450 years of collective experience in a million-pound team of industry leading specialists, experienced in working with businesses just like yours. Whether your problem is small or large, we’re happy to help and have a range of managed service bundles to suit every budget.

Related Articles
Managed Security Services Password danger is escalating with no ceiling in sight!
Password danger is escalating with no ceiling in sight!

Password problems will still plague every organisation

Managed Security Services Your Credentials Have Been Compromised

Share this story

Get in touch

We're a community where IT security buyers can engage on their own terms.

We help you to better understand the security challenges associated with digital business and how to address them, so your company remains safe and secure.

Interested in what you see? Get in touch, and let's start a conversation Get in touch