Business survey 2020: the COVID-19 pandemic will accelerate the cyber-security spend of SMBs in the USA
“Over a quarter of the SMBs surveyed anticipate spending more on cyber-security solutions this year than they had originally planned, while only 7% of them plan to spend less.”
Analysys Mason surveyed over 400 small and medium-sized businesses (SMBs) in the USA in April and May 2020 to assess how the COVID-19 pandemic will affect (and is affecting) their demand for IT services.1 This article uses the results from this survey to examine the pandemic’s impact on SMBs’ adoption of cyber-security solutions and related plans.
Our survey results suggest that the move to working from home (WFH) has accelerated (and will continue to accelerate) the demand for security services among those SMBs that are still in business, even though a sizeable portion of the SMBs surveyed have had to close branch offices or stores (28%) and permanently lay off staff (11%).2 The data shows that the increased use of security solutions is unlikely to only be temporary. Over a quarter of the SMBs surveyed anticipate spending more on security this year than they had originally planned, while only 7% of them plan to spend less.
SMBs’ increased use of cyber-security solutions should translate into higher long-term adoption
44% of SMBs in the USA increased their use of cyber-security solutions in April/May 2020 and/or are planning to do so once ‘shelter-in-place’ regulations have been relaxed (Figure 1). This figure is higher for MBs than SBs because a greater portion of MBs than SBs had plans to increase their security spending in 2020 and MBs in the USA have been less severely financially affected by the pandemic than SBs (another finding of our survey).
Figure 1: Percentage of SMBs that increased their use of cyber-security solutions during the COVID-19 pandemic and/or are planning to do so once ‘shelter-in-place’ regulations have been relaxed, by SMB size and vertical, USA, April/May 20203
Source: Analysys Mason, 2020
The percentage of SMBs that have increased/plan to increase their use of cyber-security solutions does not vary drastically by vertical. SMBs that provide professional services (such as legal, marketing, accounting/tax and management consulting services) are the most likely to have increased (or plan to increase) their use of security solutions, while those that provide ‘other services’ are the least likely. These results reflect the importance of IT security to SMBs in various verticals.
93% of the SMBs that increased their use of cyber-security solutions in April/May 2020 (40% of all SMBs surveyed) plan to maintain this new level of use or increase it further once COVID-19-related restrictions are relaxed. Security vendors and their channel partners that started offering certain solutions free of charge at the beginning of the COVID-19 breakout should examine which solutions have been used the most by SMBs (where this is possible) to more effectively capitalise on these plans for increased use in the long term.
Over a quarter of the SMBs surveyed anticipate spending more on cyber-security solutions this year than they had originally planned
Our survey results show that far more SMBs in the USA will increase their use of cyber-security solutions in 2020 than will decrease it. This is reflected in the changes to SMBs’ security budget plans made in light of the COVID-19 pandemic (Figure 2) and represents an opportunity for vendors.
Figure 2: SMBs’ planned spend on cyber-security solutions once COVID-19-related restrictions are relaxed relative to their pre-COVID-19 plans, by SMB size and vertical, USA, April/May 2020
Source: Analysys Mason, 2020
Figure 2 shows that 26% of SMBs in the USA plan to spend more on cyber-security solutions once COVID-19-related restrictions are relaxed compared to what they had planned to spend prior to the outbreak of the pandemic. This figure is higher for MBs than for SBs, and it varies notably by vertical. SMBs that deliver IT and telecoms and professional business services are the most likely to spend more than they had originally planned on security after restrictions are relaxed. The difference between the percentage of firms that plan to spend more and the percentage of firms that plan to spend less is the largest for these two verticals (33% and 25%, respectively), while it is only 3% for the AMTUC industry grouping. Security vendors and their channel partners should therefore prioritise targeting SMBs in the IT and telecoms and professional business services verticals in the USA in order to access SMBs’ increased cyber-security budgets.
SMBs’ changing attitude towards WFH will be one of the drivers of the increase in adoption of cyber-security solutions
71% of the SMBs surveyed intend to change their WFH policy once the COVID-19 crisis is over. This is especially true for larger SMBs; 50% of SMBs with 1–9 employees plan to make a change compared to 82% of SMBs with 250–499 employees. We expect that most businesses will support an increase in WFH in the long run if they can. This will create a sustainable demand for remote working solutions, many of which are provided primarily by security vendors.
Cyber security is more challenging to manage when employees work remotely and are widely distributed compared to when they are working in an office. We expect that this will drive a long-term, sustained increase in the demand for managed security services by SMBs. This is supported by data from the survey: 27% of SMBs in the USA anticipate spending more on managed IT services once the COVID-19-related restrictions are relaxed than they had originally planned, and only 9% of them plan to spend less. This, coupled with the increase in spending on cyber security that was discussed previously, should provide a sustainable revenue opportunity for security-focused managed service providers that are targeting SMBs in the USA.
1 The sample of 404 firms was split equally between companies with 1–99 employees (small businesses (SBs)) and those with between 100 and 499 employees (medium-sized businesses (MBs)).
2 The survey excluded firms that had gone out of business prior to April/May 2020, and those that had significantly cut back their operations were probably less likely to participate in it.
3 AMTUC stands for agriculture, mining, transportation, utilities and construction; FIRE stands for finance, insurance and real estate; the ‘other services’ category includes admin/support services, repair and maintenance, waste management, healthcare, hospitality and other services not captured in the remaining six categories.