As cyberattack incidents have continued this year, heightening awareness, the security industry is rolling out subscription-based security services for small and midsize corporations. With low monthly fees that support both response to and prevention of security incidents, subscription-based security services are becoming a practical alternative for small and midsize corporations with limited resources.
According to the security industry on the 16th, SK shieldus said in early this month that it would launch a subscription service for "hacking incident response" to help small and midsize corporations with limited security staff and budgets respond to cyber incidents. Under this service, client corporations pay a monthly subscription fee to receive technical response and compensation services. When a hacking incident occurs at a client corporation, SK shieldus supports the entire process from identifying the cause to blocking further damage, recovery, and establishing measures to prevent recurrence. It also covers IT system recovery expense, defense expense for personal data leak lawsuits, and business interruption loss expense through cyber compensation services. Legal counsel and cyber insurance are also included. The service can be flexibly configured to fit the size and budget of the corporation.
Global cybersecurity company Kaspersky also launched two subscription services for small and midsize corporations. "Kaspersky Next XDR Optimum" provides a comprehensive security service. Along with strong endpoint security and automated threat response, it offers easy-to-use detection and response tools to effectively identify attacks, then analyze and neutralize them. Another new product, "Kaspersky Next MXDR Optimum," is for corporations that want broad protection but wish to avoid the burden of building internal security capabilities. Under this model, the internal team at the corporation conducts initial threat analysis, and the Kaspersky team provides services such as advanced threat detection and AI-based alert analysis.
Genians, a corporation in the network access control (NAC) field, also released "Genian MDR," a small and midsize business (SMB)-focused service that specializes in operational and management efficiency within its endpoint detection and response (EDR) solution. Genian MDR is a managed detection and response service based on Genian EDR. It detects threats through continuous monitoring and constant data collection on endpoints and provides the same functions—such as analysis and response—as a service. Based on professional security know-how and the latest threat intelligence, Genians directly operates and manages clients' security environments.
Security corporations have recently launched such services because small and midsize corporations are the weakest link in cybersecurity. According to the Korea Internet & Security Agency (KISA), last year 94% of all cybersecurity damage occurred at small and midsize corporations. Since 2020, nine out of 10 cybersecurity incidents have targeted small and midsize corporations.
Small and midsize corporations face an acute shortage of dedicated security personnel. A survey last year of corporations with information security policies found that 98.7% of those with 250 or more employees had such policies, compared with 58.7% for corporations with 50–249 employees and 48.9% for those with 10–49 employees. The share with a dedicated information security organization was 33.9% for corporations with 250 or more employees, but only 5% for those with 50–249 employees and 1.6% for those with 10–49 employees. Because small and midsize corporations lack staff and funds, they cannot readily increase investment in security, a field that does not generate direct revenue.
In this environment, subscription-based security services are drawing attention for lowering expense burdens while providing professional security capabilities. Until now, security solutions were largely sold under perpetual licenses, and such systems required large investments, making it costly for small and midsize corporations to adopt them. Subscription-based security services, however, allow corporations to secure professional security operations capabilities through monthly subscriptions and build a stable security environment without hiring additional staff.
A security industry official said, "It is essential for small and midsize corporations to maintain security, but building an independent security framework has been difficult because it takes a lot of time and expense," adding, "With subscription-based security services, small and midsize corporations will likely be able to prevent incidents and respond immediately at a lower expense."