Business survey: SMEs are increasing their security budgets, but they need more support from suppliers
Almost half of the respondents to our recent survey of small and medium-sized enterprises (SMEs) in Germany, Singapore, the UK and the USA are planning to invest more in cyber-security products and services. Very few SMEs (less than 15% of respondents) are planning to decrease their investments in data security.
SMEs are well-aware that there are significant threats to their data security, and that their vulnerability increased as a result of the pandemic. However, many SMEs are still not adequately protected, and many are planning to use some of their rising IT budgets to address their security shortfalls. This is good news for security solutions vendors, service providers, managed service providers (MSPs) and telecoms operators.
SMEs’ planned increase in cyber-security spending is good news for security providers
Most SMEs surveyed intend to maintain their current levels of spending on cyber-security solutions in the next 12 months or increase them. The larger the firm, the more likely it is to increase its security spend (Figure 1). Micro businesses will need more education and support when it comes to making cyber-security investments than the larger SMEs, but still represent a significant opportunity for security vendors.
Figure 1: SMEs’ cyber-security spending plans for the next 12 months, Germany, Singapore, UK, USA, 2022
SMEs took a variety of measures to support the large number of employees that were forced to work from home as a result of the pandemic and to secure their data. This included deploying additional security solutions (36%), increasing VPN capacity/seats (31%) and enforcing additional security training (31%). Half of the SMEs surveyed expect to increase their security spending even more in the coming year, despite the investments already made to augment their data security. However, some SMEs may be limited by budgets; this is especially true for micro businesses (0–9 employees).
Businesses that plan to increase their cyber-security spending fall into two categories:
- companies that have already deployed a solution but are looking to upgrade
- those that are planning to deploy a solution for the first time.
Endpoint protection and email security are the most popular categories for upgrades among SMEs that have already installed solutions. SMEs that are planning first-time deployments reported being most likely to install solutions for endpoint detection and response (EDR) and web security. Mobile device management (MDM) and mobile threat defence (MTD) solutions are also likely to be adopted for the first time by a significant number of SMEs.
SMEs’ spending on cyber security worldwide is expected to increase by 14% per year between 2021 and 2026
SMEs’ spending on cyber security worldwide is expected to increase from USD46.3 billion in 2021 to USD72 billion in 2026, according to Analysys Mason’s SMB Technology Forecaster (Figure 2). This represents an increase of 14% per year.
Figure 2: SMEs’ cyber-security spending, worldwide, 2021 and 2026
SMEs’ investments in remotely managed security services will be one of the key drivers of the rapid growth in overall spending; these are expected to increase from USD15 billion in 2021 to almost USD29 billion in 2026. Indeed, a third of the SMEs surveyed that do not already use managed security services reported a strong interest in doing so in the coming year. SMEs expect to prioritise support for remote workers and remote management of their IT infrastructure (including data security), and managed security solutions provide an effective means of doing so.
Providers can capture a greater share of SMEs’ security spending by offering flexible payment options and solutions that are bundled with other services
SMEs are looking for cyber-security solutions that are bundled with other services, especially those that include value-added support and are offered with flexible payment options. Indeed, two thirds of the SMEs surveyed reported that they prefer to purchase their security solutions together with other services.
SMEs are also very interested in working with their partners (such as MSPs, telecoms operators and security vendors) to improve their data security, and are looking for security advice and support from their providers. Indeed, 73% of respondents reported that having assistance from their IT, telecoms or technology suppliers when upgrading their security to cover new problems (such as remote working, collaboration and BYOD) would be helpful or very helpful.
Cost is a key factor in SMEs’ data security investments: 69% of SMEs surveyed reported that it would be helpful for providers to offer flexible payment terms, and 29% said that a limited IT security budget and high-cost security solutions are key barriers to them having highly effective cyber-security capabilities. This means that providers need to have a range of solutions and payment options to suit SMEs’ needs and budgets. Cyber-security value propositions that include a significant amount of education, onboarding and employee training are likely to resonate best with SMEs.
The SME market represents a sizeable opportunity for security providers. SMEs’ annual spending on cyber security is expected to reach USD72 billion by 2026, so security solution providers need to focus on the specific needs of these smaller businesses. SMEs’ budgets can be constrained compared to those of large enterprises, but their data security concerns are nonetheless very strong. As such, cyber-security vendors should offer easy-to-use, scalable solutions that are geared towards SMEs’ level of IT expertise.
Operators have an opportunity to deliver SD-WAN to more than 3.5 million SME sites
Cyber-security vendors' revenue tracker 3Q 2022
Government funding for digitalisation can enable operators to increase SMEs’ take-up of their services