ConnectWise Survey: SMBs Worried About Security Amid Pandemic

A new ConnectWise survey shows COVID-19 has raised new cybersecurity concerns for SMBs. For instance, three-quarters of them worry about their remote devices or remote employees being breached.

Vanson Bourne conducted the SMB State of Cybersecurity report for ConnectWise. The market research firm polled more than 700 IT and business decision makers in the United States, the United Kingdom, Canada, Australia and New Zealand.

Major Findings

Findings from the ConnectWise survey include:

• Nearly all (91%) SMBs would consider moving to a new IT service provider if it offered the “right” cybersecurity solution.
• Two in three (68%) said the “right” offering means having confidence in an MSP’s ability to respond to security incidents. Fifty-eight percent said it’s having confidence in an MSP’s ability to minimize damage or loss.
• More than one-half of SMBs lack the in-house skills necessary to properly deal with security issues. Almost half (49%) find more cybersecurity expertise as an added benefit of working with an MSP.
• Few (13%) SMBs have regular cybersecurity-related conversations with their MSP. Also, 29% talk to their MSP about cybersecurity only after they have suffered an incident.

A vast majority (86%) of SMBs place cybersecurity within the top five priorities for their organization. And six in 10 will invest more in cybersecurity because it reduces risk for their organization.

SMBs seek out MSPs to help close the security skills gap; therefore, this presents a growing market opportunity for these partners to protect clients against the expanding threat landscape.

ConnectWise’s Jay Ryerse

Jay Ryerse is ConnectWise’s vice president of cybersecurity initiatives.

“The stats from the UK were more in favor of the MSP driving forward cybersecurity and in the U.S. it was larger,” he said. “Another finding that was exciting for me as a former owner of an MSP was that 59% of SMBs will outsource cybersecurity in the next five years. It’s time for MSPs to make that pivot and have that conversation about risk to solve the most relevant problem that would impact their business.”

SMBs don’t necessarily know what the right solution is, Ryerse said.

“For example, I don’t think the SMB market grasps the difference between legacy antivirus and endpoint detection and response (EDR),” he said. What the client cares about is whether they’re at risk and that they’re willing to do something. Being the target of an attack in the next six months — that’s worth talking about. The fact SMBs are starting to listen and pay attention to what’s going on in the world is great for SMBs, but we need to increase those conversations.”

All the industries are talking about cybersecurity, so it’s no longer just the MSP talking about it, Ryerse said.

“SMBs are starting to see they’re responsible for their security,” he said. “They know in order to protect the assets they care most about, they need to choose a provider to help them. SMBs need to ask the tough questions. Once we show MSPs what the conversation should look like and sound like, they’ve found it easy to have that conversation with their end clients. The SMB is looking for confidence in their MSP. At the end of the day, it’s all about education.”