The 2023 worldwide SMB, Core Midmarket, and Upper Midmarket IT Security spend will likely be US$84 billion. Additionally, 38% of SMBs and 35% of upper midmarket firms will likely purchase IT security solutions from managed services providers (MSPs). In today’s SMB market, it is critical for vendors to build a detailed understanding of the small, core midmarket, and upper-midmarket segments and to align resources and strategies with requirements as these businesses move from initial experimentation with sophisticated solutions toward mass-market adoption. In the latest research, Techaisle analyzed 2035 survey responses to provide the insight needed to build and execute on security strategies for the small and midmarket customer segments. We find there are six key trends:
Beyond the six key trends, research finds:
- A high proportion of SMBs and upper midmarket firms report that they experienced security breaches last year. However, despite this high exposure rate, most SMBs believe they are either “fully prepared and confident” or “as prepared as they can be” for security issues.
- Small and midmarket firms recognize that the cloud increases the potential for security breaches but are confident – overly so, in Techaisle’s view – in their ability to cope with this expanded risk profile. As a result, most SMBs rely on core security practices and technologies to address cloud-specific threats and are underinvested in cloud security solutions.
- Security solutions currently in use can be divided into four categories: protection of the mobile environment, protection of data entering the corporate environment, traffic inspection and management, and protection of data being used within the corporate environment.
- Security-as-a-Service suppliers have had the most success thus far with data center/server, network, and endpoint security offerings.
- BDMs play an active role in setting security policies, but technical buyers are most likely to acquire security solutions. These technical buyers focus primarily on solution reliability; more junior security professionals focus on support, and senior IT management looks at price/performance.
- Marketing messages aimed at security buyers should be incorporated within preferred source containers (e.g., whitepapers, case studies, blog posts, etc.) and distributed through preferred channels (e.g., vendor websites, search) aligned with different stages of the security decision process. For example, data shows that some source types, including product trials/demo videos and case studies, are essential in identifying and selecting security vendors.