7 Key Takeaways from Datto SMB Cybersecurity Report
1. IT professionals are concerned about security and ready to make investments to keep their organizations safe.
SMBs continue to experience significant security challenges and they recognize that they need to spend to solve them, with about half of our survey respondents planning to spend on email security, backup and antivirus protection.
2. Many SMBs need help preparing to recover from security incidents.
More than half of our survey respondents admitted that a successful phishing attack or even worse, a ransomware attack, would seriously wound their organization with some saying that it could be a fatal blow.
3. Few SMBs are cutting back on security spending, instead they’re investing in security.
Four in 10 of our survey respondents said that their organization is increasing their cybersecurity spending, and most expect that to continue – excellent news for MSPs on today’s challenging economy.
4. Phishing is the biggest security woe that SMBs face.
Business IT leaders are worried about phishing and the danger it brings in its wake. This creates revenue growth possibilities for MSPs around email security and security training with phishing simulations.
5. Downtime is costly, but many businesses don’t have the right tools in place to minimize it.
MSPs have a golden opportunity to expand revenue and help their customers reduce expensive downtime with solutions like BCDR, managed SOC and incident response planning.
6. SMBs tend to rely on outsourced IT security.
Businesses need outside help to maintain and enhance their security, and almost half of the IT professionals that we surveyed said that their organization relies on an MSP or MSSP to get the job done.
7. A solid number of SMBs are not happy with their current defensive buildouts.
One-third of our respondents said that they’re unhappy with their current array of security solutions, indicating there’s room for MSPs to maneuver in the market.
SMBs are being proactive about assessing vulnerabilities
The majority of SMBs in all regions are interested in keeping an eye on their IT security vulnerabilities in such a volatile cybercrime climate. That makes them especially keen
on user-friendly solutions that make the vulnerability assessment process quick and easy.
Over one-third of respondents run IT security vulnerability assessments three or more times per year.
SMBs aren’t cutting back on security spending; budgets are rising instead
In the face of rising cybercrime rates and a growing awareness of the damage a cyberattack can do by non- tech decision-makers, IT security budgets have increased in the past year. SMBs are optimistic about them remaining steady or rising in 2023. This offers MSPs the opportunity to encourage customers to make comprehensive security improvements and upgrades.
Four in 10 (42%) of survey respondents reported a boosted IT security budget this year.
Security products
A strong defense against ransomware leads the SMB priority list
In the ransomware era, it’s no surprise that antivirus software (57%) and email security (53%) are at the top of businesses’ implementation lists.
The security solutions that organizations are implementing over the next 12 months
The security solutions that organizations are implementing over the next 12 months
| Solution | Respondents |
| Antivirus software | 57% |
| Email /spam protection | 53% |
| File backup | 49% |
| Managed firewall | 49% |
| Cybersecurity training for employees | 43% |
| Identity and access management | 38% |
| Security operations center | 28% |
| Managed detection and response | 27% |
| Business continuity & disaster recovery (BCDR) | 27% |
Top IT security areas SMBs plan to invest in the next 12 months
| Area of Investment | Response |
| Network security | 47% |
| Cloud security | 45% |
| Cyber insurance | 36% |
| Email/ collaboration tools security | 29% |
| Endpoint security | 27% |
| Vulnerability assessment | 26% |
| Business continuity & disaster recovery (BCDR) | 25% |
| Don’t know | 5% |
A look behind the curtain at the factors SMBs blame for their security problems.
| Issue | Response |
| Phishing emails | 37% |
| Malicious websites/web ads | 27% |
| Weak passwords/access management | 24% |
| Poor user practices/gullibility | 24% |
| Lack of end-user cybersecurity training | 23% |
| Lack of administrator cybersecurity training | 19% |
| Phishing phone calls | 19% |
| Lack of defense solutions (antivirus) | 19% |
| Insufficient security support for different types of user devices | 18% |
| Outdated security patches | 18% |
| Lack of funding for IT security solutions | 17% |
| Lost/stolen employee credentials | 17% |
| Lack of executive buy-in for adopting security solutions | 16% |
| Open remote desktop protocol (RDP) access | 15% |
| Shadow IT | 13% |
SMBs are plagued by phishing
Many of our respondents saw phishing as the prime suspect for security
issues, and more than one-quarter of respondents have experienced an attack on their IT service provider (16% in the past year). This is an opportunity for MSPs to provide highly secure service.
Cybersecurity issues that have affected SMBs business in the last 12 months.
Many of our respondents saw phishing as the prime suspect for security issues, and more than one-quarter of respondents have experienced an attack on their IT service provider (16% in the past year). This is an opportunity for MSPs to provide highly secure service.
Around 42% of SMBs blame their security issues on lack of training.
A look behind the curtain at the factors SMBs blame for their security problems can help you speak to their pain points confidently.
Most SMBs have or are in the market for cyber insurance
Respondents with cyber insurance are also likely to engage in other smart security practices. They generally have more IT support, more CSFs and more security solutions deployed. They are also more likely to have experienced a cybersecurity incident in the past.
Nearly three-quarters of respondents have cyber insurance.
A third of those without cyber insurance are highly likely to invest in it within the next 12 months.
Survey methodology
The Datto SMB Cybersecurity Survey for MSPs Report was created from a subset of data collected in a survey of 2,913 IT decision-makers conducted in July and August 2022. Respondents were required to be an IT decision-maker at an SMB with 10–300 employees. The markets chosen for analysis were North America (U.S. and Canada), U.K., Germany, the Netherlands, Australia and New Zealand and Singapore.