Across Europe, 100 million people are employed by small and medium-sized enterprises (SMEs). The UK has over five million SMEs, providing three-fifths of employment and £2.4 trillion in turnover. As a vital component in the national economy, SMEs must continue to invest in automation, technology-led innovation, and underpin this with strong security.

We recently completed our sixth bi-annual SME IT Trends survey, and the good news is that technology investment continues to increase. Not only that, but business leaders and IT administrators are positive about the benefits of automation and artificial intelligence (AI). However, the other side of this coin is more concerning; the number of cybersecurity challenges organisations face continues to increase. Our study shows that they need to make bold decisions about their security posture. Failure to do so puts their businesses and employees at risk.

Firms continue to invest in technology

SMEs are the engine of the economy and most of them are continuing to invest in technology; overall, 82% report that IT budgets are increasing, and 20% of these report a budget boost of 20%. IT budgets are set to increase again in 2024, according to 80% of survey respondents. In a rapidly digitising economy with rising cybersecurity challenges, this is good news.

As our survey shows, a key area for investment is identity management, with IT administrators it as a way to streamline and centralise identity but retain the openness and benefits of a cloud-based technology framework. This strategic shift is empowering IT teams to cater to employees' changing needs and evolving IT environments without adding unnecessary friction, cost, or complexity.

IT admins are also tasked with helping the business grow, so it was not surprising that keeping pace with new services and app rollouts was the second largest challenge after cybersecurity worries for 45% of respondents, followed by increased work burden (43%). In addition, IT teams are concerned about meeting compliance requirements, with 75% telling us that there has been an increase in regulation. This trend is only set to continue.

The IT management landscape remains complex

Today, companies are navigating a complex landscape. Our survey found that IT administrators in 60% of organisations are using five or more different tools for employee and application management. In 9% of cases, firms are using more than 15 different tools. In a complex business environment, making life more complicated with a plethora of tools is unwise.

Fortunately, many IT admins are aware of this and are working to reduce complexity. Over half (51%) are working towards the centralisation of security and employee access, an increase of 20% since the previous study. Employee education on security is also increasing, with 70% of survey respondents offering formal cybersecurity training and a further 20% actively planning an offering. This is a positive development; tools are important, but creating the right security culture in the organisation is vital, and education is the foundation stone of that culture.

The need for more sophisticated security

SMEs are also increasing the sophistication of the security technology they use. Two-thirds (66%) are using biometrics for employee authentication, again another positive development. However, password access still dominates in 83% of organisations as the only form of authentication for IT resources.

Encouragingly, multi-factor authentication (MFA) to access all IT resources is being considered by over 80% of respondents. This is being driven by a decline in trust by IT admins in the ability of passwords to protect the technology estate, with 28% saying password authentication is not adequate protection.

Business agility must co-exist with security safeguards

Smaller organisations must be focused on delivering business outcomes in order to survive. As a result, any changes to the technology and security landscape must increase or make no discernible change to the business's ability to deliver.

Our study shows how business-focused IT admins are. Many SMEs are concerned that by increasing the security posture of the business, they are decreasing its agility. Over half (67%) say that beefing up security resulted in "a more cumbersome experience."

Though I understand their concern, it just isn't true that you can't have good security without friction. The adoption of single sign-on (SSO) by 87% of respondents for parts of the business, with 35% using SSO right across the enterprise, is at least a sign that there is a focus on reducing friction.

That lack of friction is vital in smaller firms where there is a higher demand for the core employees to be the field force meeting customers, conducting sales and marketing, co-developing products or delivering projects on-site for customers. Therefore, these companies need an approach to security that protects not only their organisations but also their clients.

Large enterprises are constantly telling us that they want to increase the number of partnerships with their more nimble, digital first counterparts and bring some of that culture into their enterprises, but they worry that doing so will increase their cybersecurity risk profile. This leads us back to the need for smaller firms to have simple and effective security. This will protect not only their organisation but also the ecosystem they operate within, which will lead to growth.

The increase in adoption of identity technologies

Against this backdrop, small organisations are adopting identity technologies to both gain greater control of the IT estate and streamline operations. To get to market quickly and reduce costs, companies are adopting Software-as-a-Service (SaaS) tools and cloud infrastructure.

Typically, smaller companies are digital-native, cloud-forward organisations, but the immutable fact is that they need something to manage access from a single point. What they need is a platform approach rather than a host of disparate tools.

Such an approach is not only simpler but will also help small enterprises continue to support and benefit from remote working and increase the security of the business. They need to be able to see and be sure of the identity of the person, device, and network they are using. The advantages in agility, mobility, and innovation can only be retained if they also simplify operations and are demonstrably secure. Now is the time for SMEs to make some bold decisions about their security posture.