Techaisle research shows that the SMB and Midmarket spend on IT security will likely be US$84.2 B in 2023, an increase of 9.6% from 2022. IT security is the 2nd top priority for SMBs and 1st priority for core midmarket and upper midmarket firms. Between 55% and 54% of firms consider preventing cyberattacks a priority. 52% of SMBs and 71% of midmarket firms experienced ransomware attacks last year. Similarly, 56% of SMBs and 88% of midmarket firms had cyberattacks. Yet only 32% of SMB and midmarket employees understand phishing. Only 15% of employees have had security awareness training. At the same time, 41% of SMBs and midmarket firms are sure that 100% of their employees have access privileges beyond what they require. The two most significant challenges are implementing security cost-effectively and meeting business requirements.
Techaisle Blog
The 2023 worldwide SMB, Core Midmarket, and Upper Midmarket IT Security spend will likely be US$84 billion. Additionally, 38% of SMBs and 35% of upper midmarket firms will likely purchase IT security solutions from managed services providers (MSPs). In today’s SMB market, it is critical for vendors to build a detailed understanding of the small, core midmarket, and upper-midmarket segments and to align resources and strategies with requirements as these businesses move from initial experimentation with sophisticated solutions toward mass-market adoption. In the latest research, Techaisle analyzed 2035 survey responses to provide the insight needed to build and execute on security strategies for the small and midmarket customer segments. We find there are six key trends:
Beyond the six key trends, research finds:
- A high proportion of SMBs and upper midmarket firms report that they experienced security breaches last year. However, despite this high exposure rate, most SMBs believe they are either “fully prepared and confident” or “as prepared as they can be” for security issues.
- Small and midmarket firms recognize that the cloud increases the potential for security breaches but are confident – overly so, in Techaisle’s view – in their ability to cope with this expanded risk profile. As a result, most SMBs rely on core security practices and technologies to address cloud-specific threats and are underinvested in cloud security solutions.
- Security solutions currently in use can be divided into four categories: protection of the mobile environment, protection of data entering the corporate environment, traffic inspection and management, and protection of data being used within the corporate environment.
- Security-as-a-Service suppliers have had the most success thus far with data center/server, network, and endpoint security offerings.
- BDMs play an active role in setting security policies, but technical buyers are most likely to acquire security solutions. These technical buyers focus primarily on solution reliability; more junior security professionals focus on support, and senior IT management looks at price/performance.
- Marketing messages aimed at security buyers should be incorporated within preferred source containers (e.g., whitepapers, case studies, blog posts, etc.) and distributed through preferred channels (e.g., vendor websites, search) aligned with different stages of the security decision process. For example, data shows that some source types, including product trials/demo videos and case studies, are essential in identifying and selecting security vendors.
