Appropriating resources are always a source of stress for small and medium-sized businesses (SMBs), and that can have profound repercussions. Case in point: More than 70% of SMB IT managers say budget considerations have forced them to compromise on security features when purchasing endpoint security.

According to a survey by VIPRE, price was the top factor in making endpoint security purchases for SMBs (cited by 53% of respondents), followed by ease of use (47%), feature set (41%), support (34%), advanced detection technology (31%), cloud-based management (29%) and ransomware protection (21%). Approximately 67% said security products are too complex, including 94% of companies that suffered a breach in the past year.

“SMB IT managers need to better recognize the security dangers facing their organizations,” said Usman Choudhary, chief product officer at VIPRE. “Ransomware alone was responsible for $1 billion in cyber-extortion payments last year, according to the FBI, but only 21% of survey respondents considered ransomware as a factor when they purchased endpoint security. We understand that price and budgets are a factor but forgoing advanced protection features such as those available through VIPRE can put a company at risk."

Cost efficiency isn’t the only reason why SMBs are opening themselves to attack. The survey also revealed that many IT managers are ambivalent about purchasing advanced security features—largely because of a misperception of the threat landscape.

For example, 90% of respondents say they can afford advanced protection but only 31% consider that when selecting their endpoint security. In fact, half (48%) of respondents agreed with the statement that "an organization of my size does not need endpoint security with advanced malware defense capabilities.” More than 60% believe free endpoint security products provide enough protection for “organizations of my size.”

Overconfidence reigns: Nearly 80% feel they have a strong grasp over security because they have enough in-house resources to manage endpoint security and other security solutions. A full 83% of respondents said they would personally guarantee that their customers’ data would be safe in 2017, up from 81% two years ago. Interestingly, 88% of companies breached over the last year would guarantee protection and 100% of those who have been breached over the last five years would do the same.

As for dealing with threats, the survey showed that as ransomware attacks and awareness increases, 53% of respondents said they would recommend negotiating a payment to the attackers. This represents a significant increase from the 2015 survey, where only 30% of IT security pros said they would negotiate. The current study also noted that 82% of companies suffering a cyber-attack in the last year would negotiate a ransomware attack.

With ransomware on the rise, perhaps it is no surprise that phishing attacks remain the most pervasive cybersecurity threat. About 45% of IT managers have had to remove malware from an executive’s computer due to phishing, a figure that rises to 56% for larger companies (351-500 employees).

Meanwhile, survey respondents also cited visits to porn websites (26%), letting a family member use a company-owned device (22%), attaching an infected USB stick or phone (22%) and installing a malicious app (21%) as reasons they had to remove malware. Only 25% said they have never been asked to remove malware from an executive’s computer.

The survey also found that roughly 40% of respondents believe cybersecurity will become more difficult in the Trump administration, while 40% believe it will be less difficult. About a fifth (19%) believe there will be no change.