
SMBs Spend Less than 5% of their IT Budgets on Security


With each reported IT security incident, CIOs are asked whether they are actually spending enough of their IT budgets on IT security. According to a recent report on the IT security preparedness of SMBs, almost one-third of the organizations spend less than 5 percent of their IT budget on security. According to various sources, an IT security incident could cost an SMB anywhere between $120k and $1.24 million USD per incident. Overall, the average cost of data breaches due to an IT incident reached $4.24 million USD per incident. Against this backdrop, SMBs are trying to work out how to plan their IT budgets for hiring, external vendor selection and IT security spending.


According to Devolutions' latest report, titled “The State of IT Security in SMBs in 2022-2023”, 67 percent of SMBs are more aware of targeted and veiled security attacks in 2022 than they were last year. To tackle this, SMBs are adding security staff (36%) or outsourcing IT security to Managed Service Providers (MSPs) (8%). There has also been a significant rise in the effort that SMBs (88%) are putting into educating and training their IT end users.

Why are SMBs Targeted by Cyberattacks?

By virtue of their size and revenue generation, large organizations have always been under attack by cyber criminals. But SMBs are suddenly facing much greater threats due to their complacent IT security measures. Because SMBs often stay connected to larger organizations via email and data pipelines, they lead attackers to the IT systems of larger customers and partners. Hackers find it easier to target SMBs before launching a bigger attack on larger organizations. In the last year, 60 percent of SMBs said they experienced at least one cyber attack; 18% of these SMBs experienced more than 6 incidents.

According to the Devolutions report, SMBs are coping with risky remote workplace challenges that test IT security preparedness in four major areas: Security, Governance, Efficiency, and Affordability.


Common attacks targeting SMBs are listed as follows:

  1. Ransomware
  2. Phishing
  3. Malware
  4. Cloud computing vulnerabilities
  5. Supply chain attacks
  6. DDoS and Insider threats

What Measures Are SMBs Taking to Thwart Attacks?

The most popular mechanism SMBs use to thwart attacks is the ‘principle of least privilege.’ According to the principle of least privilege (POLP), as prescribed by CISA USA, a user’s rights, access and privileges should be restricted strictly to what is needed to complete a specific task, and the rights relinquished as soon as the task is accomplished. 51% of SMBs have implemented POLP; 47% stated they regularly audit account privileges.

A significant number of respondents (38%) chose to implement segregation of duties, which is a step beyond what SMBs should be doing to prevent insider threats. According to the recommendation from Devolutions, SMBs that prioritize privileged access management (PAM) as part of their overall IT security program benefit in several ways.


How Do PAM Solutions Reduce IT Security Threats?

Devolutions states that PAM solutions help organizations by:

  1. Reducing security risks
  2. Shrinking the overall size of the attack surface
  3. Lowering operational costs and complexity
  4. Increasing visibility and situational awareness
  5. Improving regulatory compliance

Furthermore, a growing number of insurance carriers that offer cybersecurity policies are insisting that customers have a robust PAM solution in place as a prerequisite for coverage.

Why Don’t SMBs Use PAM Solutions?

Lack of IT security budget is the biggest reason why SMBs don’t add a PAM solution to their enterprise technology stack. 28% of SMBs don’t have enough finances to invest in PAM solutions; 30% say they have enough trust in their existing remote access and password management tools and consider them sufficient to mitigate contemporary risks.


To improve security preparedness and IT ops infrastructure among SMBs, CIOs should look for better strategies, policies, processes, technologies and applications/tools to improve the integrity and efficiency of existing IT systems. The good news is that 49% of SMBs are spending more on IT security in 2022 than in 2021 or previous years; 46% see their IT budget expanding significantly in the next 12 months or so.

So, what does your IT budget planning look like for 2023?

[To share your insights with us, please write to sghosh@martechseries.com]
