SMB Cybersecurity Budgets Rise 14%

Written by Pam Baker
March 20, 2019

MSSPs find new opportunities in SMBs whose budgets are growing.

A new study sponsored by cloud security provider Armor and conducted by 451 Research found that small and midsize businesses (SMBs) are increasing their cybersecurity budgets by 14 percent this year. Even so, a lack of time, talent and other resources are hobbling these companies’ efforts to better secure their data. The combination of increased budgets and accelerating needs means SMBs likely pose new or expanded opportunities for MSSPs.

While SMBs are struggling to meet several challenges, they have made significant progress in several areas. For example, 89 percent of the 250 companies surveyed reported they have a single executive charged with managing information security, such as a CISO, CSO or VP of infosec. 451 Research says that’s a marked increase from its previous study which found only slightly more than half (53 percent) of SMBs had an executive focused on security issues.

Fifty-nine percent of those surveyed reported they were able to respond to most security alerts within an hour, while 89 percent said they remediated confirmed threats in less than six hours. 451 Research says these too are notable improvements.

Even so, SMBs are still struggling with several key security issues. Respondents named cloud security as a top security challenge, yet 64 percent said they’re trying to cope with it on their own. Multicloud environments are steepening the challenges.

While overall response times have drastically improved, SMBs reported that one in four (25 percent) alerts end up ignored. Alert fatigue is a large and growing problem. But the polled SMBs also cited “competing priorities, lack of resources, a lack of threat intelligence, and a lack of automation” as hindering their ability to investigate all security alerts.

But the biggest obstacle SMBs face is in detecting and stopping advanced and emerging threats, according to the study.

The study found that more than 80 percent of the surveyed companies are increasing their cybersecurity budgets by an average of 14 percent. Those who increased their budgets said they expect to “spend more of their budgets on security tools delivered from the cloud while decreasing spending on people and commercial off-the-shelf software and hardware over the next two years.”

451 Research’s Aaron Sherrill

MSSPs are well-positioned to assist SMBs in improving their security in the cloud and on premises — especially when SMBs are further challenged by multicloud environments.

“Small and midsize enterprises, faced with the same threats and challenges as large enterprises, are making significant strides in improving their overall security posture,” said Aaron Sherrill, senior analyst for 451 Research. “With cybersecurity threats on the rise, it’s encouraging to see that SMEs are moving beyond basic security and are now tackling the more complex issues that come with the shift to a hybrid and multicloud infrastructure.”

Further, SMBs echoed the same position as many of their larger counterparts: not enough talent on board or available for hire to deal with advanced and emerging threats, coupled with the opposing desire to decrease spend on people. Providing a solid answer to that conundrum has always been a sweet spot for MSSPs.

Demonstrating access to advanced tools for cloud management and other issues, plus a deep talent bench, is likely a good approach in pitching SMBs.