We conducted a survey of 500 representatives from B2B SaaS companies and analyzed their responses regarding the cybersecurity programs at their organizations. Read the article to learn about the state of B2B SaaS cybersecurity and how SaaS companies can protect their businesses.
According to Gartner, global cloud services are predicted to grow by 17% in 2020, with the largest market segment being SaaS due to the scalability of subscription-based software. In fact, they predict the SaaS market to grow by nearly 50% between 2020 and 2022. Investments in SaaS continue to be attractive “due to its lean cost structure and high customer lifetime values”, according to SaaS Mag.
Due to the flexibility of SaaS and its efficiency from a technological and financial aspect, companies are increasingly relying on cloud-based technology, and IT teams are embracing cloud applications.
“Building, implementing and maturing cloud strategies will continue to be a top priority for years to come,” said Sid Nag, research vice president at Gartner.
A hacking attack happens every 39 seconds, allowing cybercriminals to steal 75 records per second. Some of the most prevalent attacks happening right now include DDoS attacks, insider threats, malware, and password attacks.
Nearly three-fourths of respondents (74.2%) have in-house security personnel. Among them, 53.1% say their in-house security personnel is someone in IT and 30.73% say their in-house security personnel is a C-suite executive; the remaining 16.17% say their in-house security personnel is themselves. Among those that do not have in-house security personnel, 56.59% do not have external security personnel, such as a security consultant, while 43.41% do have access to external security personnel.
The majority of respondents (83.8%) have allocated budget in 2020 for cybersecurity in varying amounts:
Overall, more than four out of ten respondents (42.49%) reported allocating between $10,000 and $100,000 for cybersecurity in 2020, but just over one in ten (10.74%) have allocated $500,000 or more. The remaining 2.15% of respondents were unaware of the amount of budget their companies have allocated for cybersecurity in 2020.
We found that network security is the most common cybersecurity measure implemented by B2B SaaS companies today, with 67.2% of survey respondents reporting that they’ve implemented network security.
Nearly six out of ten (59.8%) of survey respondents said they’ve implemented employee cybersecurity training, and 56.8% have implemented cloud security. Other cybersecurity measures have been implemented by half or fewer respondents, including:
Compliance with security regulations and frameworks is a top driver of cybersecurity at B2B SaaS companies. Among survey respondents, 67.2% said that compliance is a key motivator for cybersecurity at their companies. For just under half (49.4%), fear of a cyber attack is a key motivator, while 44.4% are motivated by contractual requirements.
Despite compelling motivations, there are a number of obstacles to cybersecurity for B2B SaaS companies. More than four out of ten survey respondents (42.8%) said that a lack of cybersecurity knowledge and expertise is their company’s biggest blocker to effective cybersecurity, while insufficient personnel and insufficient budget were noted as the biggest blockers to effective cybersecurity for 25% and 23% of respondents, respectively. Just 6% said that effective cybersecurity isn’t a priority for their companies. While it’s only a small percentage, it’s still concerning that some B2B SaaS companies do not consider cybersecurity a priority. In this day and age, cybersecurity needs to be ingrained into the company culture.
Cyber insurance is an important part of holistic risk management. Businesses implement cybersecurity measures to detect and mitigate risks while they buy cyber insurance to transfer their risk to their insurance companies. Cyber insurance also plays an important role in meeting contract requirements. Many enterprises will require their B2B SaaS contractors, partners, and vendors to carry cyber insurance before agreeing to work with them.
Just over two-thirds of survey respondents (67.2%) say their company has cyber insurance. Among them, more than half (57.74%) say having a safety net is their reason for purchasing cyber insurance. Just over four out of ten respondents (40.18%) say they have cyber insurance because of contractual requirements.
We put together a checklist with things cyber insurance buyers should keep in mind.
More than one-third of B2B SaaS companies surveyed (36.6%) reported experiencing a data breach within the past 12 months. Among those that reported suffering a data breach within the past 12 months, the estimated costs of the breach varied, although most estimated that their costs fell between $0 and $250,000. That total figure (59.01%, or nearly three out of five respondents) is spread out among three cost ranges. Specifically, nearly one out of five respondents reported an estimated cost of the data breach between $0 and $50,000, another one in five reported an estimated cost between $50,000 and $100,000, and another one in five said the breach cost an estimated $100,000 to $250,000:
More than nine out of ten survey respondents (91.2%) have a company website, and the majority use WordPress, which is notorious for security vulnerabilities. Likewise, more than four out of five respondents (84.4%) utilize a customer portal that their customers can log into, another common source of security risks for SMBs. B2B SaaS companies and other SMBs should employ a web vulnerability scanner to continuously scan their websites and customer portals for vulnerabilities to reduce the risk of a data breach.
Regulatory compliance requirements are emerging across all industries, and B2B SaaS companies increasingly must comply with various compliance frameworks. In our survey of B2B SaaS companies, more than three-fourths of respondents (76.4%) reported that they need to meet the requirements for one or more compliance frameworks. Among them:
Regulatory compliance is a pain point for many organizations, including B2B SaaS companies. While it can be challenging to ensure continued compliance, the risks of non-compliance can be severe, including costly fines and penalties, not to mention a loss of reputation and potential loss of business. Many compliance frameworks include measures that enhance data security, protecting consumers’ data while simultaneously enhancing a company’s security posture and reducing the risk of a data breach. In most cases, following compliance frameworks is a win-win.
A comprehensive security platform like Zeguro can help B2B SaaS companies meet compliance with regulations like PCI DSS, SOC 2, and HIPAA through targeted employee training, web vulnerability scanning, and tools for implementing information security policies. Zeguro also offers tailored cyber insurance priced for an organization’s risk profile to help businesses recover with minimal disruption should a breach occur.
It is often assumed that the burden of responsibility for cybersecurity lies with the leadership team and/or the IT team.
However, for any cybersecurity plan to succeed, there has to be a point person or committee who will be accountable for keeping your systems secure, your people trained and educated, and the leadership informed.
Your cybersecurity champions should come from every department, not just IT. The key people can come from HR, operations, finance, and other departments. You should also bring your company lawyer, auditor, or accountant in on the conversation.
Prevention saves you a whole lot of heartache, stress, and money when it comes to cybersecurity. There are best practices that you can adhere to, including:
Another thing you could do is lessen the potential entry points of attack. Take inventory of your IT system and see if there are holes that you can plug. Disconnect any computer or machine that is not in use. If you are using cloud services, make sure that the provider is also secure.
Cyber insurance is an excellent way to make sure that you have that parachute when you experience a data breach.
For instance, cyber insurance policies can take care of expenses arising from a breach that resulted in the loss of customer and employee data. You don't have to worry whether you have enough money to cover expenses related to responding to the data compromise or arising from liabilities you may face because of the incident. Some insurance policies even cover the funds lost due to payment fraud.
When you have close to three hacking attempts happening every minute, the question you should be asking yourself is not "what if" you suffer an attack. You should have a clear action plan on what you will do "when" you're hacked.
B2B SaaS companies are prime targets for cyber attacks. They either store a lot of their own customer data or they work with larger enterprises and have access to their data or systems.
Employ the best practices in cyber hygiene, train your employees, and invest in top-notch tools. Then, protect your business with cyber insurance to make the inevitable less frightening.
1 The survey was conducted using the Pollfish survey platform, which distributes its surveys through a vast network of 3rd-party apps and websites that allow Pollfish access to their users. Users are incentivized to complete a survey within the app. We asked a series of qualifying and demographic questions to target an audience of B2B SaaS companies.