The state of SMB cybersecurity in 2020

| By:
Jay Ryerse

While COVID-19 has brought huge disruption and uncertainty this year, cybersecurity still remains a top priority and focal area for small- and medium-sized businesses (SMBs). At least that’s what our new research reveals.

We’ve just released our second annual cybersecurity report, Creating Opportunity From Adversity: The State of SMB Cybersecurity in 2020, which draws upon responses from 700 IT and business decision-makers in SMB organizations across the US, the UK, Canada, Australia, and New Zealand. This year’s findings show us how SMBs are becoming more cybersecurity-conscious, and are driving new levels of investment in cybersecurity to protect their businesses tomorrow. Let’s dive into some of the key takeaways and potential opportunities for TSPs.

Key findings

A lot has changed in the past year, but one thing that has remained constant is how cybersecurity continues to be top of mind across the SMB community. In fact, 86% of SMBs say that cybersecurity is within their top five priorities for their organization. This is also reflected in how SMBs are investing in cybersecurity. Almost three-quarters (73%) of SMBs plan to invest more or much more in cybersecurity in the next 12 months. And this investment is mainly driven by perceived risk: 60% of SMBs claim they will invest more in cybersecurity because it reduces risk for their organization.

This year’s research also highlights how there’s a widespread cybersecurity skills gap among SMBs. Over half of SMBs surveyed (52%) agree they lack the in-house skills necessary to properly deal with security issues, and 57% report lacking cybersecurity-specific experts in their organization.

This evident skills gap, however, is helping drive the adoption of outsourced services—creating more opportunities for MSPs. Almost 6 in 10 SMBs (59%) believe that all or a majority of their cybersecurity needs will be outsourced in five years’ time, and 49% of SMBs find more cybersecurity expertise as an added benefit of working with an MSP.

New cybersecurity trends in 2020

So what is different and new from last year? For one, cybersecurity expertise—or more importantly, the lack of it—can have serious consequences for MSPs in an increasingly competitive market. More than 9 in 10 SMBs (91%) say that they would consider either using or moving to a new MSP if they offered the “right” cybersecurity solution. But what does that “right” solution look like? Well, for 68% of SMBs, they say it’s confidence in an MSP’s ability to respond to security incidents, while 58% say it’s confidence to minimize damage or loss. For those SMBs who are focused on finding the right offering, the odds may favor MSPs who can reinforce confidence in their capabilities and their cybersecurity offering.

And of course, we’d be remiss if we didn’t mention COVID-19 and the impact that it has had on both MSPs and your clients. We’ve already experienced how the pandemic has resulted in an increase in cyberattacks, but it did not significantly impact respondents’ views towards prioritizing cybersecurity. Yet with new environments, such as remote workforces, this also brings new concerns for SMBs: 79% are worried about their remote devices or remote employees being breached.

If we look at the silver lining, these expanding remote workforces can also present new areas of growth for MSPs. And this theme of new opportunities is a common one in this year’s research. There’s an increased market opportunity for MSPs who participate in ongoing cybersecurity training, who stay up to date on the latest threats, and who can instill confidence and build closer relationships with clients. It’s these MSPs that can master the balance between people, processes, and cybersecurity technology who will be strongly positioned for growth not only post-pandemic, but in the many years ahead.