A Lack of Resources and Talent Leaves UK SMEs Dangerously Exposed
In the last few years, we have witnessed some of the most seismic changes to the IT security landscape; from global pandemics and geo-political issues to a global energy crisis, to growing cybersecurity threats, to multiple country elections and subdued economic conditions. But, regardless of stretched IT and cybersecurity budgets, and a significant IT skills shortage, threat actors continue to innovate as cyber threats evolve at breakneck speed; organisations have no choice but to defend themselves.
Today cyberattacks are increasingly targeting small to medium-sized enterprises (SMEs), according to JumpCloud's latest Q3 2024 SME IT Trends Report. Forty-four per cent of UK SMEs have been a victim of a cybersecurity attack. Nearly two-thirds (60%) say they have had multiple attacks in 2024. That's because smaller organisations often lack the manpower of larger corporations, with nearly half (48%) of our UK survey cohort claiming that despite their best efforts, they lack the resources and staff to secure the organisation against cybersecurity threats. This is compounded by a lack of access to skilled cybersecurity professionals with many SMEs having IT teams consisting of only one or two people.
The Growing Cybersecurity Talent Gap
Another common trend in 2024 is the return-to-office (RTO) mandates. However, these mandates can have negative impacts on employees and organisations, and some say they are not worth the risks to employee stability.
While such mandates may be integrated with the intention of boosting morale and productivity, this approach is at odds with what modern workers are looking for. Contrary to the boardroom's view, a significant portion of the workforce is not eager to give up the flexibility they've experienced in the last few years. Furthermore, if corporate leaders begin rewarding employees for simply being present in the office for five days, they risk narrowing the talent pool, which will further exacerbate the skills shortage problem.
The ongoing skills gaps within IT teams are causing organisations to frantically seek professionals who have deep cybersecurity knowledge and the necessary certifications. As artificial intelligence (AI) and machine learning (ML) add a new dimension to the threat landscape, the demand for these cybersecurity experts is already outstripping supply. The only way to address this is for organisations to adopt a proactive stance, driving investment in training and talent acquisition – but this isn't an overnight fix.
The absence of skilled IT and cybersecurity personnel in SMEs can lead to inadequate defence. Without experts to implement and manage robust security measures, SMEs are more susceptible to breaches. A lack of hands-on expertise can result in slower detection and response times with vulnerabilities lurking in systems longer than they should. Additionally, meeting growing regulatory requirements becomes more challenging without the necessary knowledge and skills.
Spending Challenges
In our survey, 36% of respondents stated that the biggest challenge to their IT team was the increased work burden. And, unfortunately, more than a quarter (28%) said they believe their organisation will cut spending in the next year. This will further compound the issue, with 69% of UK respondents agreeing that cuts to the budget will increase organisational risk. To add to the issue, nearly a third (31%) of UK organisations have gone through layoffs in the last six months, and nearly half of UK SMEs expect layoffs in the next six months.
This conservative view on investment means that the old playbook is obsolete, and SMEs must adapt to deal with the changing landscape or risk falling behind. So, what strategies should they put in place to mitigate the talent shortage?
As mentioned above, they can invest in training and development to upskill the current workforce. In tandem, they can also explore partnerships and collaborations working with educational and industry institutions to help develop a pipeline of talent. But this will take time and still leave the IT environment vulnerable to attacks. To address immediate risks while building long-term solutions, they could explore outsourcing and managed services. Utilising MSPs can offer SMEs specialised skills and resources if they are struggling to secure in-house expertise. Indeed, our survey found that SMEs are deepening their ties with MSPs for IT solutions and support. Over half (51%) are using MSPs for support for internal teams, and two-thirds say they plan to increase their investment in the next 12 months.
They can also leverage automation and adopt advanced security technologies that incorporate automation and AI to bridge the gap by reducing reliance on human intervention. Although there were some concerns in our survey about AI replacing humans, three-quarters (75%) of our survey respondents said that AI would be a net positive for their organisation.
External and Internal Pressures are Taking Their Toll
Recently, Gartner has highlighted that nearly half of cybersecurity leaders will change jobs by 2025, with half of those pursuing different careers entirely due to workplace stress. There is no doubt that these external and internal pressures are taking their toll.
IT teams are the engines that power and protect SME businesses. Their role and value cannot be overstated. The person who manages an organisation's IT admin requirements in our modern hybrid world, from onboarding to identity management and access control, is critical to the health of the business. This is perhaps where organisations need to invest in tools and solutions that are designed to reduce the burden on IT teams.
By focusing on making identity and access management (IAM) seamless and integrating it into the workflow, IT teams can work on more critical tasks rather than constantly putting out fires. IAM systems often have self-service portals where users can manage their requests, improving user satisfaction, and reducing help desk workloads. Additionally, IAM enables secure remote access, ensuring remote and hybrid employees can access corporate resources from anywhere, supporting the current hybrid work environment.
This may be why 32% of our UK survey respondents stated that they are planning to invest in IAM in the next six months. The implementation of IAM means organisations can better manage identities and access, significantly reducing the risk of cyber threats and ensuring a secure and efficient operational environment.
Navigating an Evolving World
Automating all of these processes reduces the admin burden on IT staff. More importantly, we can keep our valued IT admin experts in the industry. The talent shortage poses a significant threat to SMEs, leaving them vulnerable to increasingly sophisticated cyber threats. By adopting strategic measures such as training, collaboration and partnerships, outsourcing, and automation, SMEs can enhance their cybersecurity posture and mitigate risks associated with the skills gap.