SMB Cybersecurity in 2020

By Jay Ryerse, CISSP, VP of Cybersecurity Initiatives at ConnectWise

This year, COVID-19 has impacted the security of virtually every industry and increased cyber crime around remote working environments, education and healthcare. Despite the disruption it has caused, cybersecurity still remains a top priority for small and medium-sized businesses (SMBs).

With the month of October marking National Cyber Security Awareness Month, we are presented with a golden opportunity to discuss the growing importance of cybersecurity within the managed service provider (MSP) community.

Our recently released cybersecurity report, which draws upon responses from 700 IT and business decision-makers in SMB organizations across the US, the UK, Canada, Australia and New Zealand, sheds light on how businesses are viewing cybersecurity.

Key Findings 

While many things have changed in the past year, cybersecurity continues to be top of mind across the SMB community. Our report revealed that 86% of SMBs have cybersecurity within their organization’s top five priorities, which reflects how SMBs are investing in cybersecurity. It is essential to point out that almost three-quarters of SMBs plan to invest more of their budget in cybersecurity within the next year. Over half of SMBs believe that investing more in cybersecurity will reduce the amount of risk for their organization.

The Vanson Bourne survey results also call attention to the widespread cybersecurity skills gap among SMBs. With over half of SMBs agreeing to the lack of in-house skills needed to deal with security issues, it’s more important than ever to invest in ongoing cybersecurity education.

This skills gap, however, helps to drive the adoption of outsourced services – creating more opportunities for MSPs. Nearly 6 in 10 SMBs determined that the majority of their cybersecurity needs will be outsourced within the next five years. Many of those see an increase in cybersecurity expertise as an added value of working with an MSP.

Cybersecurity Trends in 2020

The findings from the survey highlight that cybersecurity expertise – or more importantly, the lack of it – can have serious consequences for MSPs in an increasingly competitive market. Ninety-one percent of SMBs said they would consider using or moving to a new IT service provider if they offered the ‘right’ cybersecurity solution. For most, that means having confidence that their provider will be able to respond to cyber attacks and minimize any damage.

As an MSP, it’s crucial to focus on educating your team on how to deliver the ‘right’ cybersecurity solutions. MSPs owe it to themselves to keep up with trends and knowledge in cybersecurity in order to increase their service offerings and provide their customers with the protection they’re seeking.

It’s no surprise that COVID-19 has significantly impacted both MSPs and their clients. Although the pandemic has resulted in an increase in cyberattacks, it did not significantly impact respondents’ views towards prioritizing cybersecurity. It is important to note that over three fourths (79%) of SMBs did express concern with potential breaches of remote devices and employees.

If we look at the silver lining, these expanding remote workforces can also present new areas of growth for MSPs. Service providers who participate in ongoing cybersecurity training, and instill confidence and build closer relationships with their clients, have an increased market opportunity. MSPs who can balance between people, processes and cybersecurity technology will be strongly positioned for growth post-pandemic and beyond.


Cybersecurity is a journey, not a destination. The need to reinforce policy and best practices around cyber hygiene requires continuing education. Whether it’s education for your team or conversations about culture with your customers, you have to consider that it’s an ongoing process that requires maintenance.

While National Cyber Security Awareness Month is a great opportunity to discuss the current issues we’re facing and make plans to address them, cybersecurity is critical 365 days a year. Cyber crime doesn’t rest and neither should organizations.


No posts to display