Cyber Security Index: Q2 2019

A Q2 2019 survey of 1035 Small and Medium Enterprises rated the current Cyber Threat index as “High”.
We’ve found this survey interesting and relevant as its offers really simple way of expressing how SMEs view the current threat of a cyber-attack, and the companies in the surveys are broadly similar to our customers. This is a quarterly survey run by one of our Partners, AppRiver in the USA. The AppRiver Cyberthreat Index for Business was developed by independent firms Idea Loft and Equation Research, in consultation with the University of West Florida Center for Cybersecurity, using survey data collected online in April 2019.

An interesting take way from this survey is that larger SMEs (with 150 – 250 staff) are more wary and aware of cyber threats than their smaller counterparts. This despite the fact that larger SMEs spend more and have a higher level of cyber preparedness than smaller SMEs. This consistent pattern suggests smaller SMEs could be underestimating their real cyberthreat risks. Reports of real threat incidents indicate cybercriminals do not discriminate; they are just as prolific in targeting smaller businesses – garnering smaller gains but with higher frequency of success – as they do large enterprises.


Potential cyber threats are top-of-mind for SMEs:

  • 77% of all SME executives and IT decision makers surveyed in the second quarter report potential cyberthreats are a top-of-mind concern.
  • That figure jumps to 91% among larger SMEs that employ 150-250 employees.

Actual attacks are believed to be prevalent:

  • The concern for potential threats are not surprising, considering 75% of SME respondents say actual attacks are prevalent on a business such as their own.
  • 40% of SMEs believe their business is vulnerable to “imminent” cyberattacks.

Most SMEs do not believe they can escape a successful attack unharmed:

  • 75% of all SMEs believe a successful attack would be harmful to their business; this rises to 88% for larger SMEs (150-250 employees).
  • Only 36% of all SMEs estimate they can survive a successful attack without sustaining short- and long-term business losses.
  • Interestingly, larger SMEs – which presumably have more or better cybersecurity resources – are most likely to believe business losses are unavoidable after a hacker’s attack.

Majority of SMEs believe cybercriminals have the upper hand:

  • 58% of C-level executives and IT decision makers at SMEs estimate hackers’ attack strategies and technology are more sophisticated than their own threat prevention resources.
  • Larger SMEs appear again more cautious and feel less optimistic than smaller SMEs. In Q2, 66% feel they are outmatched by cyberhackers. Even given their presumably more abundant resources and better technology than smaller SMEs, only 1 in 5 (21%) of all larger SMEs surveyed believe their technology is more advanced than hackers they are up against.
  • Overall, 47% of all SMEs give their own business a positive rating for cyber preparedness, a slight increase from Q1 (again this is likely correlated with the absence of a high-profile breach in the beginning of 2019). Larger SMEs again rate themselves lower (45% positive) than smaller SMEs (48% positive) in cyber preparedness in Q2, as they did in Q1.


  • 55% of all SMEs admit they are willing to pay a ransom to hackers in order to recover breached data or to prevent it from being shared.
  • 74% of large SMEs say they would be willing to pay ransom; 39% go as far as saying they “definitely would pay ransom at almost any price” to prevent their stolen data from being lost or leaked.
  • 45% of all SMEs say they are not willing to give in to cybercriminals, regardless of the ransom amount or value of the hacked data.

A related study by Datto (another partner of ours) found the initial ransom demand is typically not what breaks the bank. Instead, the aftermath and cost of downtime are the crippling factors. The ransom demanded from SMEs averages at $4,300 while the average cost of downtime related to a ransomware attack is ten times that at around $46,800.


The use of social media apps and websites at the workplace or on a business device concerns SME leaders and IT decision makers as a cybersecurity risk, according to 84% of all respondents surveyed. That figures increases to 89% among the larger SME community.

Among those concerned, 77% say they are most worried about employees’ use of Facebook as a security risk, followed by 21% who say the same about Twitter (each respondent was given the option to name none, one, or two social media platform that concerns them most as a cybersecurity risk).


Among SMEs surveyed that use an outside managed service provider (MSP) or technology consultant:

  • 43% say they are most in need of support for threat prevention.
  • 25% say the same about network monitoring and visibility, while
  • 16% wanted support related to collecting and analysing data, and
  • Another 16% value support for access and device management.

Threat prevention was chosen as the service they need most from their MSPs in all key SME industry verticals surveyed, with the exception of the legal sector, where SMEs say they most value MSP’s support in network monitoring and visibility, ahead of threat prevention.
Among the 1,035 total SME executives and IT decision makers surveyed in Q2, 22% (228 respondents) say they do not use an external managed service provider.

About Us

We provide supportive leadership enabling our business community to succeed and prosper through effective use of IT and Technology. PAAC IT is an IT Company in Surrey offering small businesses the personal attention and care that their IT systems deserve. If your company has between 1 and 100 employees and need a IT Company in Surrey we would love to hear from you!

Find out more
"PAAC IT provide a managed service for our PCs on a fixed monthly charge. Really great, they are there when we need them"
Julia Macquisten - OwnerLucas Field Media
"PAAC-IT provide and maintain our Apple Macs and Macbook Pros. Richard and his team at PAAC IT are very prompt and responsive when we need help, and a pleasure to work with"
David Alden - DirectorAlden Holmes
"Our business is highly dependent on computer technology – all the way from design and creative software platforms to administration processes. PAAC-IT set up and configured our mix of PC and Apple computers, file servers and security software and now keep it running. The team at PAAC-IT is very competent and keep our IT running smoothly"
Edward Green - DirectorMilly Green
"I was having trouble making Skype calls to my son. Both Darren and Connor were extremely helpful and patient. They were so kind to get the computer in and out of the car for me - i couldn't have done this on my own as i am disabled"
Jane Nightingale
"On moving house we required help of PAAC to coordinate a tablet, PC and laptop with new security and email addresses and to ensure transfer of old contact details etc. Some of this work was undertaken by Darren in the Midhurst shop and some at our new address. Darren was professional and helpful with successful results. PAAC also followed up with care to ensure that all was well. "
A satisfied customer
"I have been dealing with PAAC IT, mostly in their Midhurst Office, but also in Haslemere, for the past three or four years. They clearly understand Macs and have given me good advice, and sorted out various issues for me. Things did go wrong with the network wireless adapters I had bought from them, but they were quick to ensure they were checked and replaced without a problem, and they followed up with me a month later to ensure all was OK. That’s good customer service!"
James Tree
"Dynamite, goes the extra yard every time, reliable and essential support to my business."
Lawrence MullenThe Talking Trade
"Good, dependable, brilliant, local"
Anneke Clegg
"I have been using the services of PAAC IT for over two years. During this time I have found the staff to be courteous, understanding, and very efficient. I have received first class service on each and every occasion – from keeping my ancient computer running, to advising and supplying a suitable replacement when it eventually crashed. All my transactions have been with the team in the Haslemere shop where Richard, Mark, Darren and Oliver have addressed my computer difficulties with great patience and kindness. To them I am eternally grateful."
Derek Smyth