Top IT Security Trends for SMBs

Recently, TSL Tech Research conducted an online research survey to gain insights into how small and medium-sized businesses (SMBs) are using security, the challenges they face, and what they want from cybersecurity service providers. 

The 2024 SMB IT Security Insights Survey uncovered valuable information from more than 1200 business leaders about cybersecurity trends that managed security service providers (MSSPs) can use to optimize how they market IT security services to SMBs. 

Here’s an overview of some of our findings and key takeaways for IT security service providers. 

Top IT Security Concerns for SMBs 

Our research found that IT security is the top area of investment for SMBs with 60% of respondents indicating that they plan to invest in cybersecurity in the next 12 months.  

When we asked mid-sized businesses to identify their top IT security concerns, ransomware was #1.  

The top 3 security concerns were: 

• 48% Ransomware 

• 42% Data breaches 

• 39% Employee negligence 

Followed by: 

• 35% Employee training 

• 33% Regulatory compliance 

• 31% Remote work security 

• 29% Insufficient network security 

• 21% Inadequate backup and recovery 

• 15% Insider threats 

• 6% Physical security 

While SMBs are concerned about external threats, they are also worried about the risk of human error. Significantly, employee negligence, such as clicking on a link in an infected email, can lead to a ransomware attack. 

Key Takeaways: 

MSSPs can capitalize on these survey findings by developing marketing campaigns that promote their ransomware prevention and security awareness training services. 

How Workplace Environments Affect Security Concerns

We discovered that SMBs are using a variety of workplace environments, including in-office, remote, and hybrid workplaces. We wanted to know how workplace arrangements affect attitudes towards IT security. 

Of the SMBs surveyed 56% have created a hybrid workplace with some employees working in-office and some working remotely.  

This finding aligned with an interest in investing in security technologies related to remote work: 

• 56% Plan on investing in Endpoint/Device Security 

• 45% Have plans to invest in Identity and Access Management (IAM) 

• 43% Are looking to invest in Email Threat Defense 

Key Takeaways: 

IT security service firms can use these insights to create messaging that appeals to companies with different work arrangements. For example, marketing campaigns can target remote workplaces with AI-powered security and Endpoint Detection and Response (EDR) services. 

What SMBs Want from IT Security Service Firms 

We asked SMBs how they want IT Security Service providers to improve their services, learning that they want managed security services to be more cost-effective, responsive, and proactive. 

The top 3 things SMBs wanted were: 

• 56% Decrease costs 

• 46% Be more proactive 

• 44% Improve responsiveness 

Followed by: 

• 37% Improve technical expertise 

• 30% Have a more knowledgeable team 

• 30% Decrease issue resolution time 

• 27% Improve overall IT planning 

• 19% Increase business acumen 

Key Takeaways: 

IT security service firms can stand out in a crowded market by creating marketing messages that promote how their cybersecurity services are cost efficient and prevent threats. MSSPs should emphasize how serving a local market enables them to respond quickly and make on-site visits.  

Understanding the Cybersecurity Technology Market 

While we asked SMBs about their use of infrastructure and cloud technology, we wanted to find out how all these decisions aligned with the cybersecurity technology market. 

The top 3 cybersecurity technologies were VMware, Fortinet, and Palo Alto.  

The results broke down like this: 

• 42% VMware 

• 31% Fortinet 

• 23% Palo Alto 

• 15% CrowdStrike 

• 3% Riverbed 

• 31% Other 

When we asked companies to identify which technologies they plan to invest in over the next 12 months, the top choice was cybersecurity technology at 60%. The top 2 infrastructure providers used by SMBs are Cisco at 59% and VMware at 53%, suggesting that network security and virtualization are priorities.  

Planned investments in cybersecurity align with infrastructure choices as follows: 

• 24% of Cisco users plan to invest in cybersecurity 

• 22% of VMware users plan to invest in cybersecurity 

Key Takeaways: 

To win over SMBs, IT security service providers should emphasize their partnerships with leading infrastructure and cybersecurity technology providers. MSSPs should promote their certified expertise in Cisco, VMware, and Fortinet. 

AI Adoption and IT Security 

AI is a significant trend that impacts IT security both by creating risk and providing intelligent ways to defend against and prevent threats. We found that SMBs are slow to adopt robotic process automation (RPA) but are progressing in their AI journey. 

Of the SMBs surveyed: 

• 68% Don’t have any plans to adopt RPA 

• 46% Have started to explore how AI can help their businesses 

• 28% Have some light AI implementations 

Companies in industries with strict compliance standards show a faster rate of AI adoption than other types of businesses. For example, 

Of Finance firms surveyed: 

• 45% Have started to explore the benefits of AI 

• 35% Have some light AI implementation 

Of Healthcare providers surveyed: 

• 39% Have started to explore the benefits of AI 

• 31% Have some light AI implementation 

Key Takeaways: 

Considering these findings, IT security providers should promote their services for AI-powered security, uncovering opportunities for security automation, and developing AI roadmaps. 

Must-Have Security Services for SMBs 

Leaders at SMBs were asked to choose their must-have security services. Security awareness training was #1 with an incident response plan and security audits in a tie for second. 

• 75% Mandatory Annual Employee IT Security Training 

• 68% Comprehensive and Documented Incident Response Plan 

• 68% Annual Security Audit 

Other security services chosen were: 

• 65% Cyber Insurance 

• 23% Cyber Service Retainer 

• 12% Red Team/Blue Team 

When we looked at which services were important to companies that prioritize cybersecurity technology investments, the line-up changed. Employee security training and audits still ranked first and second, but endpoint security came in third. 

• 82% chose Mandatory Annual Employee IT Security Training 

• 75% chose Annual Security Audit 

• 61% chose Endpoint/Device Security 

Key Takeaways: 

MSSPs should use these findings to craft marketing strategies that attract SMBs by promoting security awareness and audit services, as well as endpoint security services. 

TSL Tech Research Methodology 

TSL Tech Research is dedicated to conducting online technology research to help B2B tech companies better understand the technology market. In conducting the IT Security Insights Survey, we targeted small and medium-sized businesses, surveying 1,285 business leaders. The companies surveyed had between 500 and 1,000 employees. 

SMBs in 12 traditional industries, including healthcare, finance, and information technology, were surveyed, as well as those in a wide variety of niche industries. 

Want to explore more findings of the 2024 SMB IT Security Insights Survey? Access the full report here.