Techaisle Blog

In the digital age, where data is the new gold, the midmarket is facing a silent, yet devastating crisis: a glaring lack of cyberattack readiness. A recent study by Techaisle, titled "SMB & Midmarket Security Adoption Trends," paints a grim picture, revealing that many mid-sized businesses are woefully unprepared for the inevitable onslaught of cyber threats. The numbers do not lie, and they are screaming for attention.

The $11 Million Wake-Up Call

The average financial loss from security incidents in the midmarket sector is $11 million. This substantial amount can significantly impact a company's financial stability, undermine customer trust, and potentially lead to bankruptcy. This statistic alone underscores the urgent need for midmarket CEOs and IT managers to prioritize cybersecurity.

Moreover, it is concerning that 34% of midmarket firms lack a security protocol for responding to security incidents. This unpreparedness is akin to a fire department without an escape plan. When a cyberattack occurs, these companies are often left without a clear response strategy, resulting in increased confusion and substantially higher losses.

The Shadow Pandemic of Undetected Attacks

The study also reveals that 57% of midmarket firms have experienced a security incident, and most attacks go undetected. This is a shadow pandemic, where breaches occur silently, festering within systems for months, even years, before they are discovered. The longer an attacker has access, the more damage they can inflict, stealing sensitive data, disrupting operations, and demanding hefty ransoms.

Confidence Crisis and Risk Blindness

A significant concern is the lack of confidence among midmarket leaders. 36% of these firms acknowledge their uncertainty in recovering from a security incident primarily due to inadequate preparedness. Without comprehensive incident response plans, strong security infrastructure, and skilled personnel, recovery efforts can become highly challenging, often resulting in prolonged downtime and irreparable damage.

Additionally, 35% of midmarket firms do not have established risk frameworks. This deficiency in proactive risk assessment and management increases their susceptibility to various threats, including ransomware, phishing, data breaches, and insider attacks. Consequently, these firms face substantial vulnerabilities regarding their data security.

The Security Awareness Black Hole

A significant issue is the lack of security awareness training; 72% of midmarket firms do not provide it. This means employees, the weakest link in security, are vulnerable to phishing, malicious links, and weak passwords. Without training, they can inadvertently aid cyberattacks.

Cloud Security: A False Sense of Security

Cloud has brought immense benefits, but it has also created a false sense of security. 60% of midmarket firms feel that native cloud security is not sufficient. While cloud providers offer basic security features, they are not a silver bullet. Businesses must implement robust security measures, including data encryption, access controls, and threat monitoring, to protect their cloud assets.

Underprepared and Overwhelmed

The study ultimately underscores a widespread sense of inadequacy among midmarket firms. Nearly half, 49%, perceive themselves as less prepared than their counterparts. This perception of being outmatched and overwhelmed can result in complacency and inaction, thereby increasing their susceptibility.

The Path to Resilience: A Call to Action

The Techaisle study underscores the cybersecurity vulnerabilities facing midmarket companies. However, proactive measures can build robust defenses. 

Techaisle’s recent survey of over 2100 businesses shows that 53% of midmarket firms have shifted their focus to smaller AI wins as they result in reduced risk, faster ROI, enable flexibility, build trust and capability, and target specific immediate pain points. These early wins can serve as a springboard for more significant, more ambitious AI initiatives, ultimately driving long-term growth and success. This trend was first highlighted on July 31st during a podcast recording, where I was asked about the specific AI trends Techaisle and I were watching. My response was clear: small wins. This insight was grounded in our data-driven research, and the evidence presented in this article further supports this conclusion.

Pursuing smaller, more manageable AI projects is increasingly becoming the preferred strategy for midmarket firms. This shift is primarily driven by a series of significant roadblocks hindering the widespread adoption of AI.

A staggering 82% of midmarket companies cite cost and a lack of sufficient investment as primary obstacles. The substantial financial commitment often required for large-scale AI initiatives burdens these organizations considerably. Additionally, 63% of midmarket firms grapple with insufficient technology infrastructure, highlighting the need for robust IT systems to support AI applications.

Uncertainty also plays a significant role. 59% of midmarket companies express a lack of clarity on AI implementation, underscoring the complexity and challenges associated with integrating AI into existing business operations. Furthermore, trust and security concerns, cited by 51% of respondents, pose substantial barriers to AI adoption. The sensitive nature of data and the potential risks associated with AI systems have led to a cautious approach among many organizations. Finally, data quality and accessibility remain critical challenges. 38% of midmarket firms struggle with a lack of curated data and the inability to ingest quality data, hindering AI model development and performance. These collective challenges have compelled midmarket organizations to adopt a more pragmatic approach to AI. By focusing on smaller, more attainable projects, these firms can mitigate risks, accelerate time-to-value, and build momentum while addressing the limitations imposed by these roadblocks.

Techaisle data shows that while the preference for small wins is consistent, there are notable differences in the intensity of this preference across vertical industries.

The landscape of GenAI is rapidly evolving, and midmarket firms are striving to keep pace with this change. New data from Techaisle (SMB/Midmarket AI Adoption Trends Research) sheds light on a fascinating trend: adopting multiple large language models (LLMs), an average of 2.2, by core and upper midmarket firms. Data also shows that 36% of midmarket firms are piloting with an average of 3.5 LLMs, and another 24% will likely add another 2.2 LLMs within the year.

The survey reveals a preference for established players like OpenAI, with a projected penetration rate of 89% within the midmarket firms currently adopting GenAI. Google Gemini is close behind, with an expected adoption rate of 78%. However, the data also paints a picture of a dynamic market. Anthropic is experiencing explosive growth, with an anticipated adoption growth rate of 100% and 173% in the upper and core midmarket segments, respectively. A recent catalyst in midmarket interest for Anthropic is the availability of Anthropic’s Claude 3.5 Sonnet in Amazon Bedrock.

This trend towards multi-model adoption signifies a crucial step – midmarket firms are no longer looking for a one-size-fits-all LLM solution. They are actively exploring the functionalities offered by various models to optimize their specific needs.

However, the data also raises questions about the long-term sustainability of this model proliferation due to higher costs, demand for engineering resources (double-bubble shocks), integration challenges, and security. Additionally, market saturation might become a challenge with several players offering overlapping capabilities. Only time will tell which models will endure and which will fall by the wayside.

Furthermore, the survey highlights a rising interest in custom-built LLMs. An increasing portion of midmarket firms (11% in core and 25% in upper) will likely explore this avenue. In a corresponding study of partners, Techaisle data shows that 52% of partners offering GenAI solutions anticipate building custom LLMs, and 64% are building SLMs for their clients, indicating a potential shift towards smaller specialized solutions.

Why Multi-Model Makes Sense for Midmarket Firms

The journey from experimentation to full-fledged adoption requires a strategic approach, and many midmarket firms are discovering the need to experiment with and utilize multiple GenAI models. There are several compelling reasons why midmarket firms believe that a multi-model strategy might be ideal:

Specificity and Optimization: Various LLMs specialize in different tasks. Midmarket firms believe they can benefit from a multi-model strategy, using the best-suited model for each purpose. This may enhance efficiency and precision across a broad spectrum of use cases. Since GenAI can reflect biases from its training data, a multi-model approach also serves as a safeguard. Combining models informed by diverse datasets and viewpoints ensures a more equitable and efficient result.

Future-Proofing: LLMs are rapidly advancing, offering a stream of new features. Without a visible roadmap from LLM providers, midmarket firms hope to benefit from using various models to stay current with these innovations and remain flexible in a dynamic market. As business requirements shift, a diversified model strategy enables modification of their GenAI tactics to align with evolving needs. This strategy permits businesses to expand specific models to meet increasing demands or retire outdated ones as necessary.

Despite the benefits, midmarket firms are also experiencing challenges

High Cost: LLMs have a high price tag, particularly for smaller midmarket companies. Creating and maintaining an environment that supports multiple models leads to a substantial rise in operational expenses. Therefore, a small percentage of midmarket firms are conducting a thorough cost-benefit analysis for every model and optimizing the distribution of resources to ensure financial viability over time. Managing and maintaining multiple LLMs is time-consuming, as different models have varying data formats, APIs, and workflows. Developing a standardized approach to LLM utilization across the organization has been challenging, and a lack of engineering resources has surfaced.

Specialized Skills: Deploying and leveraging multiple LLMs necessitates specialized skills and knowledge. To fully capitalize on the capabilities of a diverse GenAI system, it is essential to have a team skilled in choosing suitable models, customizing their training, and integrating them effectively. Midmarket firms are investing in training for their current employees or onboarding new specialists proficient in LLMs.

Integration Challenges: Adopting a multi-model system has benefits but can complicate the integration process. Midmarket firms are challenged to craft a comprehensive strategy to incorporate various models into their current workflow and data systems. The complexity of administering and merging numerous GenAI models necessitates a solid infrastructure and technical know-how to maintain consistent interaction and data exchange among the models.

Midmarket Firms Intend to Adopt DataOps to Develop GenAI Solutions Economically

While large enterprises have shown how effective DevOps can be for traditional app development and deployment, midmarket firms notice that conventional DevOps approaches may not fit as well for emerging AI-powered use cases or GenAI. Techaisle data shows that only half of the midmarket firms currently have the necessary talent in AI/ML, DevOps, hybrid cloud, and app modernization. Although DevOps is great for improving the software lifecycle, the distinct set of demands introduced by GenAI, primarily due to its dependence on LLMs, poses new hurdles.

A primary focus for midmarket firms is ensuring a steady user experience (UX) despite updates to the foundational model. Unlike conventional software with updates that may add new features or bug fixes, LLMs are built to learn and enhance their main functions over time. As a result, while the user interface may stay unchanged, the LLM that drives the application is regularly advancing. However, changing and or even swapping out these models can be expensive.

DataOps and AnalyticsOps have emerged as essential methodologies tailored to enhance the creation and deployment of data-centric applications, much like those powered by GenAI. DataOps emphasizes efficient data management throughout development, ensuring the data is clean, precise, and current to train LLMs effectively. Conversely, AnalyticsOps concentrates on the ongoing evaluation and optimization of the GenAI applications' real-world performance. Through persistent oversight surrounding user interaction, DataOps and AnalyticsOps empower midmarket firms to pinpoint potential enhancements within the LLM model without requiring extensive revisions, facilitating an incremental and economical methodology for GenAI enrichment. Ultimately, midmarket firms are considering adopting DataOps and AnalyticsOps with a strategic intent to adeptly handle the intricacies inherent in developing GenAI solutions. By prioritizing data integrity, continuous performance assessment, and progressive refinement, these firms hope to harness GenAI's capabilities cost-effectively.

Final Techaisle Take

The success of GenAI implementation probably hinges on a multi-model strategy. Firms that effectively choose, merge, and handle various models stand to fully exploit GenAI's capabilities, gaining a considerable edge over competitors. As GenAI progresses, strategies to tap into its capabilities must also advance. The key to future GenAI advancement is employing various models and orchestrating them to foster innovation and success.

Techaisle's study on SMB and Midmarket Security Adoption Trends projects that IT security spending by small and mid-sized businesses worldwide is expected to reach US$90 billion in 2024, showing a 9.4% increase from the previous year. In the US alone, the market expenditure is set to rise by 8.3%. Significant investments will concentrate on Endpoint Protection, Network Security, and Identity and Access Management, with MDR (Manage, Detect, Respond) services seeing the most rapid growth in the SMB and midmarket sectors.

A significant increase in funding for IT security is projected among high-growth SMBs. Notably, 21% of rapidly growing small and medium-sized enterprises (SMBs) and 26% of mid-sized companies are forecasting a minimum growth of 15% in their IT security budgets for 2024. Highly innovative organizations are committed to improving security measures as well, with 18% of SMBs and 21% of midmarket companies planning to boost their spending by 12% compared to the previous year.

Techaisle's data also reveals a concerning cybersecurity preparedness gap among small and medium-sized businesses, with 42% having no cyber incident response plan. Despite nearly half experiencing security breaches, often going unnoticed, only 40% are confident in their recovery capabilities, likely downplaying the risks. These cyberattacks come at a high cost, with SMBs' average annual losses reaching $1.4 million. Contributing to this issue is the fact that 46% of these businesses lack formal risk assessment methods, indicating a serious underestimation of online threats.

Addressing SMB and Midmarket security issues can be done through various lenses. Segmenting security adoption into four categories—Prevent & Protect, Detect & Respond, Adapt & Comply, Restore & Recover—provides an understanding of preferred solutions and areas poised for growth. This framework helps clarify how these companies prioritize and distribute funds for cybersecurity strategies.