Cybersecurity spending is predicted to be cut by 41% of SMEs over the coming year amid the challenging economic environment, according to new research by JumpCloud.
Nearly three-quarters (72%) of IT admins surveyed in the US, UK and India agreed that any cuts to their security budgets will increase organizational risk.
SMEs in India were most likely to experience cybersecurity cuts (58%). This was followed by the US (40%) and UK (25%).
The risk of budget cuts comes despite respondents identifying security as their biggest IT challenge (56%).
Over half (56%) of IT admins also said they’re more concerned about their organization’s security posture than they were six months ago.
Additionally, there was significant unease around the impact of AI on cybersecurity. Nearly two-thirds (62%) agreed that AI is outpacing their organization’s ability to protect against threats overall.
The top three cybersecurity threats facing SMEs are network attacks (40%), software vulnerability exploits (34%) and ransomware (29%).
Rajat Bhargava, CEO of JumpCloud, noted: “While AI is the buzzword that grabs headlines, it’s security that remains a paramount concern for IT teams given the increasing sophistication of external threats and rising regulatory pressures.”
A Sage report in October 2023 found that 48% of SMEs experienced at least one cyber incident in 2023.
Biometric Authentication Surging Among SMEs
The report found that two-thirds (66%) of SMEs require the use of biometrics for employee authentication. This represents a significant increase from 55% in April 2023, JumpCloud found.
The growing take-up of biometrics appears to be primarily driven by security considerations.
Nearly two-thirds (60%) agreed that adopting biometrics would make their organization’s security posture stronger, while biometrics was seen as the most secure method for authentication (33%). This was followed by one-time passcodes (25%) and verification app (23%).
However, 83% of IT admins reported that their organization uses password-only authentication for at least some IT resources. This is despite 28% admitting that password-only authentication is not adequate to protect their organization’s resources.
A significant concern for respondents is balancing security and convenience for staff. Over two-thirds (67%) said that additional security measures generally means a more cumbersome experience.
The use of single sign on (SSO) is one way IT teams are attempting to balance security and experience, with 87% adopting this authentication method for some resources.
UK SMEs Least Prepared for Cyber-Attacks
The report found that UK SMEs are less prepared for cyber-attacks than counterparts in the US and India:
- 62% of UK SMEs offer formal cybersecurity training, opposed to 72.5% in the US and 74% in India
- 78% of UK SMEs have an IT security on staff versus 87% in the US and 94% in India
- 65% of UK SMEs are financially prepared to recover from a cyber-attack versus 75% in the US and 80% in India
- 72% of UK SMEs have a cybersecurity plan compared to 82% in the US and 87.5% in India