Techaisle Blog

Techaisle’s worldwide survey of N=5505 SMBs covering 1-999 employee size segment reveals that 34% of small businesses (1-99 employees size segment) experienced one or more cyberattacks in the last one year. The percent jumps to over 50% when mobility security attacks and internal malicious thefts are included. Technology is to businesses in the 21st century what roads and assembly lines were in the 20th: the platform on which all processes are based, on which all business is conducted. But with the limitless potential of IT/business infrastructure comes a vast and growing set of threats. Small businesses cannot simply rely on regulators or the ‘rules of the road’ (from telcos or hyperscale cloud providers) for protection – they need to take action to safeguard their customers, their staff, their devices and their confidential corporate information.

Large enterprises have the means to hire SWAT teams of infosec professionals. But what can and should smaller businesses do, to grasp the potential of technology without opening themselves up to cyber threats? Survey data shows that only 3% of small businesses have full-time internal dedicated IT security staff. Let that data point sink in. Regardless of the relatively tiny presence of security staff, as compared to 87% within midmarket firms and 100% in enterprise segment, 55% of small businesses are currently handling their security needs internally and if the projected plans are followed-through then it will increase by another 25%. However, small businesses are not naïve. 61% are also outsourcing either all or some of their security needs to MSPs and other channel partners and plan to increase their outsourcing commitment by 41%. For 37% of small businesses, insufficient IT budget is a major constraint towards seeking outside expert advice, deployment and security management. Although 55% of small businesses are confident about recovering from a cybersecurity incident, 32% are quick to admit that they need external services to define an overall security strategy, help select right-fit security technology/products and assist in determining the risks faced by the organization.

The next question is - what worries small business executives?

1. Connected business will be everyone’s problem.

The key focus of business investment will be more about the “work”: the ways that an increasingly-connected business can support pursuit of previously-unattainable objectives. The most important SMB & Midmarket technology-related adoption in 2020 will be this focus on connectedness – cloud, platforms, edge, devices, applications, security, collaboration, workspaces and insights. With the connective fabric rapidly becoming ubiquitous, businesses of all types and sizes will move beyond just the network access, and concentrate instead on using technologies to drive progress across the four pillars of digital transformation: operational effi-ciency, customer intimacy, employee empowerment and product innovation.

2. Momentum building for consumption-based IT acquisition.

Increasingly within SMBs and midmarket firms discrete sales of individual products or integrated systems will be replaced by agreements to provide IT capacity and business functionality “as-a-Service”. In 2020, the trend will be more midmarket driven than small businesses. 20% of midmarket firms will move towards OPEX-based agreements where these firms will look for flexibility and will prefer to acquire technology based on usage – namely IT consumption model – driven primarily because of current IT asset under-utilization.

3. Customer intimacy will take a whole new meaning.

Every SMBs’ survival is dependent upon customers and 2020 will see a ground-breaking year when customer intimacy (acquisition, retention, experience & satisfaction) will drive IT adoption and business process evolution. By the end of 2020, for 45% of SMBs, need for customer intimacy will drive IT adoption and 76% of new SaaS adoption will be customer focused. As a result, 15% of small businesses and 24% of midmarket firms will have “Top Notch” customer facing digital presence.

4. Need for Embedded Collaboration will be clear and present.

Anywhere, anytime also means any type of collaboration. Collaboration solutions cannot be deployed on stand-alone platforms – they need to be viewed as a framework for integrating multiple capabilities, native to multiple applications. By the end of 2020, 80% of SMBs will benefit from embedded collaboration and for high-growth, innovative businesses, effective, e¬fficient collaboration will be in their organizational DNA to deliver decision agility, business agility and innovation agility.

5. Regardless of the question, analytics will provide an answer.

In 2020, SMBs will see a new attitude and culture that will value and use data as a meaningful way to gauge overall performance and specific areas of interest at a glance will become prevalent. SMBs will demand Key Performance Indicators (KPIs) as a standard part of application architectures as well as a meta-directory of KPIs that all applications can access. It may finally become possible for SMBs and Midmarket firms measure and optimize for elusive objectives like Return on Marketing Investment, Optimal Pricing, Cost of Acquisition and Lifetime Customer Value. By the end of 2020, 15% of SMBs will be highly data driven and 30% will be using cloud-based prescriptive analytics and 50% of midmarket firms will demand AI-driven analytical platforms to proactively prescribe actions that will mitigate risk / increase opportunity within the predicted future.

Techaisle’s Europe SMB and Midmarket security adoption trends survey shows that both small businesses and midmarket firms recognize that cloud poses a risk to their data: “cloud usage/services put us at a higher risk of a data breach” is the security-related statement that resonates most with small businesses, and it is one of the top three issues identified by midmarket respondents. However, 24% believe that they are better prepared than most to address cloud security issues. “Our security budget is sufficient to meet our needs” is the most commonly-advanced statement on IT security by small businesses but 52% of midmarket firms believe that their "budget is not sufficient to meet their security needs". Only 8% of European small businesses have formal security protocols in place to respond to a security incident as compared to 32% of midmarket firms.

There is no denying the threats that IT security frameworks address are becoming both more pernicious and a greater threat to the success of IT-dependent businesses – which is to say, nearly all businesses. Survey data also shows that in Europe, 52% of small businesses and 62% of midmarket firms experienced one or more security incidents in the last one year.

At least within the European SMBs and midmarket firms there seems to be adequate awareness of the quantity, variety and severity of threat sources but the unpreparedness is in part due to weak reporting of breaches when they occur, with only events too big to hide becoming the subjects of public discussion. Tougher disclosure legislation will make SMBs more aware of the extent of IT security issues – which in turn will likely boost investment in security solutions and reduce the number of respondents expressing comfort with their current state of readiness.

Despite the dichotomy of potential of security threats and overconfidence, SMBs are concerned about their threat landscape, both at the PC-level as well as with cloud.

Data clearly shows that small businesses and midmarket firms have very different perceptions of cyber-security risks, security approach and attitude, cloud and end-point security concerns and most effective security solutions to protect cloud data.

A review of cloud security threats and mitigation options available to European SMBs illustrates the fact that while cloud brings unique challenges, the measures used to address the expanded threat profile are consistent with those that would represent good practice in any infrastructure context. 37% of SMB survey respondents are concerned with data exposure during transfers to remote locations, 35% are concerned with the potential for cloud-based accounts to be hijacked, and 28% are worried about unauthorized access to or breaches of data repositories in the cloud, insecure interfaces used to access cloud-based systems, the potential for insiders within a cloud service provider to exfiltrate information, and denial of service (DDoS) attacks – all of which represent cloud-specific threats.

SMBs have very strong perception and understanding of technologies and practices that are considered most effective at protecting data in the cloud and addressing their cloud security concerns. These include data and network encryption, intrusion detection and prevention (IDP), the setting and enforcement of security policies, the creation of data boundaries that separate different information sets, use of access control technologies, and unified threat management. Unlike the threats, though, that are specific to cloud/hybrid IT infrastructure, these approaches do not arise uniquely from use of cloud: they can and should be applied within environments that are not cloud based as well. Any business that relies on a network and supports mobile users (necessitating access control) would do well to implement all of these measures.

Techaisle believes that there are different take-aways for suppliers focused on small and midmarket customers. In small business, there is a need to educate buyers about the gaps that exist between current preparedness and risks, and between small business readiness and the approaches that are common within larger organizations: small businesses need to understand where and how to invest in a wider range of security solutions, especially with respect to covering threats associated with mobility and cloud. There is also a need to respond to price-performance pressures.

Clearly, security itself is a complex solution area, and the marketing challenges faced by suppliers – which need to articulate solutions in terms that are appropriate to small and midmarket businesses, to BDMs and ITDMs, and via sources and channels that are relevant to the evaluation and purchase process – are complex in their own right. Security permeates all aspects of IT service delivery – and as a result, success in navigating the solution and marketing needs offers great upside for successful suppliers.