SMBs’ State of Cybersecurity Is Not Great

A new report from Devolutions highlights just how much small and medium businesses need channel partners’ help.

Kelly Teal, Contributing Editor

November 19, 2021

5 Min Read and BlackBerry

Almost three-quarters (72%) of small and medium businesses report more concern over cybersecurity than they did a year ago. Much of that concern stems from experience. As more SMBs have sent people to work from home because of COVID-19, just more than half (52%) have dealt with a cyberattack in the last year. Ten percent suffered more than 10 hacks. Those stats come from a new report, “The State of Cybersecurity in SMBs in 2021-2022,” conducted by software developer Devolutions.

Meanwhile, IBM has revealed that the cost of a data breach now averages $4.24 million, up from $386 million. SMBs take the brunt of much of this activity. In fact, the National Cyber Security Alliance says a majority go out of business within six months of a hack. That’s because most SMBs lack the budget and people to fully protect their digital environments. To that point, according to Devolutions’ findings, 40% of SMBs do not have a comprehensive and up-to-date cybersecurity incident response plan.

Channel partners – namely managed service providers and managed security service providers – have a crucial role to play in protecting SMBs. The MSP Summit explored this issue in depth earlier this month at the Channel Partners Conference & Expo. The resulting conclusions were clear: SMBs need partners’ cybersecurity expertise, and they need it now.

Channel Futures sat down with Max Trottier, vice president of sales and marketing at Devolutions, to talk about the company’s report, the state of cybersecurity and what partners need to know. The conversation has been lightly edited.

Channel Futures: What top three takeaways from the report do you think partners need to internalize the most about the state of cybersecurity within SMBs, and why?


Devolutions’ Max Trottier

Max Trottier: Channel partners have never been more important than they are today when it comes to helping SMBs strengthen their cybersecurity profile. Most SMBs lack the in-house expertise and operational bandwidth to properly focus on procuring the right cybersecurity tools and solutions. And even once they make a purchase, they often do not know how to fully use it, or they use it incorrectly (e.g., thinking that a password management solution is the same thing as a PAM solution). Channel partners build vital, ongoing relationships that fill this knowledge and experience gap.

Second, our survey found that most SMBs are not investing enough in cybersecurity as a portion of their overall IT budget. Channel partners need to continue focusing on ways to “translate” cybersecurity threats into pragmatic and quantitative business risks. At the same time, channel partners need to help decision-makers grasp that investing in cybersecurity is not just about protecting data, but that it adds value to the business by:

  • Increasing marketplace loyalty and trust, which translates into greater revenues and higher customer engagement.

  • Reducing costs by leveraging automation to replace time-consuming and tedious manual tasks.

  • Creating a better decision-making environment, by ensuring that prioritized cybersecurity risks are taken into consideration.

  • Establishing that reliable business continuity and disaster recovery tools and workflows are in place.

  • Making SMBs more attractive to strategic partners and investors.

Finally, SMBs are increasingly worried about supply chain attacks — which isn’t surprising in the aftermath of the Solarwinds hack. Even though that cyberattack targeted high-profile organizations and enterprises, it brought to light just how vulnerable all businesses (including SMBs) are to data breaches that are triggered by something as ordinary as a SaaS update. Channel partners need to rigorously evaluate the vendors with whom they partner and ultimately endorse to their customers.

CF: What two or three key issues will partners face in 2022?

MT: The first issue is that a growing number of organizations are …

shifting workloads to the cloud to avoid steep (and for many SMBs, prohibitive) upfront capex costs, as well as reap benefits like better collaboration, access for remote workers/distributed teams, disaster recovery, etc. Channel partners should focus on how they will support organizations with cloud migration, optimization, and governance and compliance.

Second, many SMBs have resisted automation in recent years — preferring to do things manually because it is perceived as simpler and safer. However, the pandemic has changed this paradigm and SMBs are realizing that they must automate certain processes to reduce costs, improve productivity, and free up resources and time to focus on higher-value activities such as improving customer experience. Channel partners definitely have a huge role to play here in helping SMBs leverage automation, and make it work for them vs. against them.

Third, the operative word in channel partner is “partner.” As such, channel partners should focus relentlessly on how, when, and where they add business value — both in terms of helping customers procure necessary products and services, as well as (and in some cases more importantly) providing essential advice and guidance. Channel partners that do not have a very clear understanding of the business value they provide – and deliver – risk being perceived of as expendable by their customers.

CF: Other thoughts to add about SMBs’ state of cybersecurity?

MT: Other general cybersecurity-related issues that may be relevant to channel partners for their planning/discussions with customers start with this: The cybersecurity landscape is getting much worse for SMBs both in terms of the frequency and severity of attacks. SMBs are no longer “safe” because of their smaller size. On the contrary, they are increasingly being targeted by hackers who want to infiltrate their weak – and sometimes, virtually nonexistent – cybersecurity defenses.

The two areas where many SMBs are highly vulnerable are password management and protecting privileged accounts. Many SMBs do not even know how many privileged accounts they have in the first place.

SMBs need to understand and guard against attacks that are carried out internally (rogue users), as well as breaches that are triggered by employee negligence and carelessness. Ongoing cybersecurity training is a big part of this, as are tools that monitor all account access, and provide password vaults for secure storage/sharing of credentials and other sensitive data.

Devolutions polled 440 IT professionals and decision-makers in SMBs throughout the globe. Topics included cyberattacks, cybersecurity training and investments, and privileged access and password management.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Kelly Teal or connect with her on LinkedIn.


Read more about:

MSPsChannel Research

About the Author(s)

Kelly Teal

Contributing Editor, Channel Futures

Kelly Teal has more than 20 years’ experience as a journalist, editor and analyst, with longtime expertise in the indirect channel. She worked on the Channel Partners magazine staff for 11 years. Kelly now is principal of Kreativ Energy LLC.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like