According to a new survey by ESET Canada, Canadian SMBs are increasingly nervous about their security stance, pointing to a need for solution providers to offer more comprehensive security-related services that include company-wide security training for SMB customers.

Barely one in four of those surveyed (26 per cent) are “very confident” that their organization would be able to keep their business and its information safe from attackers — down seven per cent from last year’s survey, the first of its kind by ESET.

Almost half (46 per cent) of those surveyed believe they’re at risk of experiencing an attack, and nearly three quarters (73 per cent) believe the number of attacks is on the rise compared to last year. A similar percentage (74 per cent) think attacks have increased over the last two years, and 69 per cent believe there are more attacks than there were five years ago.

“This survey reiterates a lot of what our partners are hearing — their customers don’t have the time or energy to spend on their security needs,” said James Chalmers, director of partner alliances at ESET Canada.

The survey, Chalmers said, shows opportunity for partners in delivering security services to SMB. It points to the need, he said, for solution providers to have a broader conversation around security with SMB customers. Despite an overall fairly negative outlook on their security stance, Canadian SMBs apparently believe they’re doing enough to deal with it. Only 14 per cent of those surveyed believed they do not spend enough time and money on security.

“The good news for partners is that there is opportunity out there,” Chalmers said. “The bad news is that the bigger conversation just isn’t happening. We have to be talking to customers about more than laptop or smartphone security products. It’s all about security awareness, and that’s a very different conversation.”

And that’s a conversation that’s not happening enough, the survey suggests. Among those surveyed, top reasons for concern about their company’s overall security stance include lack of employee knowledge about potential attacks (35 per cent) and what the company is already dong to protect itself (24 per cent.)

That points to a need for some baseline level of security training among SMB employees, regardless of role. But it’s the kind of service that Chalmers said “a very small percentage” of partners are offering today.

“The security landscape is such that a lot of times we’re dealing with issues after they happen,” Chalmers said. “We hope that increased awareness will make them think differently, to show them to lead with services, lead with training, and change the conversation.”

ESET has unveiled its own tools to help with that conversation, an online training module that aims to provide a sort of “security 101” background for SMB employees. Available free, the online course takes about 90 minutes, and covers the basics of security, from password best practices to identifying potential phishing attacks.

The training module is available to anyone, ESET customer or not, and Chalmers encouraged channel partners to help get it out to as wide and deep in their customer bases as possible. He said doing so could have a dramatic impact on the results of future surveys.

“I would hope we see some significant changes by next year,” Chalmer said. “More awareness, and more confidence.”