UK SMEs more vulnerable to cyber attacks according to latest report
JumpCloud’s Q1 2024 SME IT Trends report indicates that in 2024, UK SMEs could be more vulnerable to cyber attacks than SMEs in other countries.
The survey found that UK respondents are less likely to offer formal cybersecurity training (62% UK, 72.5% USA, and 74% in India), less likely to have an IT security expert on staff (78% v 87% v 94%), least financially prepared to recover from a cyber attack (65% v 75% v 80%), and least likely to have a cybersecurity plan (72% v 82% v 87.5%).
This lack of investment in planning, training, and resources could be budget-related. The UK reported the lowest overall budget increase (75%) and lowest percentage reporting “budgets up by more than 20%”, at 13%. UK budgets are more likely to be remaining flat than other countries, and combining “remaining flat” and “decreased” the picture is slightly less favourable overall. In the Q2 2023 report, 77% of UK respondents reported budget increases.
JumpCloud's sixth edition of its biannual SME IT Trends Report is designed to serve as a resource for evaluating the state of IT, offering guidance on where it’s headed. More than 1,200 respondents were surveyed from the UK, USA, and India, with 402 participants from the UK.
Security is the number one challenge
In terms of challenges, security dominates, cited by more than half of respondents globally (56%) and by 50% of UK respondents. The second and third biggest challenges both globally and in the UK were new services/application rollouts (45% and 41% respectively) and increased work burden (44% and 38% respectively). In Q2 2023, UK respondents cited device management as their second largest challenge, whereas this time device management dropped to sixth place.
Overall, the top three security threats remain consistent with those reported in April 2023. Network attacks topped the list (40%, up from 38% in Q2 2023), followed by software vulnerability exploits (34%, up from 27% in Q2 2023), and ransomware (29%, down from 33% in Q2 2023). In the UK, network attacks also topped the list (44.5%) followed by ransomware (35%), with software vulnerability exploits in third place (32%). In fact, ransomware is a bigger concern for UK organisations than the other countries surveyed (35% UK vs 32% USA vs 20% India).
Budgets on the rise
The good news is that globally, IT budgets are up over the past 12 months, continuing the trend seen in early 2023. Over eight in 10 organisations report an increase in IT budgets (82%) and 20% report an increase of more than 20%, compared with 80% who had seen an increase in Q2 2023 and 13% who had seen an increase of over 20%. Likewise, 2024 is an improving picture for UK SMEs with 69% of UK respondents expecting their IT budgets to increase and only 7% predicting a decrease, whereas in Q2 2023 57% expected increases and 10% expected budgets to decrease.
Greg Keller, CTO of JumpCloud, comments: “SMEs are often called the ‘engine’ of the UK economy and they have contributed to better-than-expected performance over the past year. Defending against cyber attacks is important so UK SMEs can continue driving growth, and organisations are naturally looking for powerful but cost-effective solutions that minimise administrative burden. Frictionless device and identity management is a great place to start.”
AI adoption
With all the hype around AI, it is no surprise that organisations are actively planning for AI; only 13% of global organisations do not currently have any plans to implement AI initiatives. Well over half (61%) expect to implement AI initiatives within the next year. Seventy-six percent agree their organisation should be investing in AI, and 63% have already developed an AI policy.
However, the adoption of AI appears to be higher among Indian and USA respondents than in the UK. In fact, 23% of UK respondents have no plans to implement AI and 8.5% are taking a longer-term view and not planning to implement until 19–24 months out. Only 70% of UK respondents think their organisation should be investing in AI, versus the global average of 76%, and only 45.5% have a policy around AI versus 63% globally.
UK respondents were more likely to disagree or strongly disagree that AI is outpacing their organisation’s ability to protect against threats (22% versus 18% in the USA versus 5% in India). Also, the UK was least likely to claim that AI will be a net positive (71% versus 76% USA and 91% India). That said, 22% of UK respondents do feel that the organisation is moving too slowly when it comes to the adoption of AI, a higher percentage than the USA and India respondents.
Other key findings include:
- Single solution versus multiple solutions – a large majority (75%) of global respondents continue to prefer a single tool to do their job rather than several-point solutions, roughly the same as the 77% who said the same in Q2 2023. In the UK in Q2 2023, 76% of UK respondents said they would prefer to use a single solution over managing multiple different solutions. In Q1 2024, this has dropped to 66%.
- Number of tools – 59.5% of global respondents need five or more tools to manage the employee lifecycle and the applications they need to do their job, and 9% need more than 15. 45% of UK respondents need five or more tools and 7.5% need more than 15.
- Biometrics, multi-factor authentication (MFA), and passwords – globally the number of organisations adopting biometrics is increasing. Two-thirds (66%) require the use of biometrics for employee authentication versus 55% in Q2 2023. The UK appears to be behind here, with 44% requiring the use of biometrics for employee authentication. However, 34% say it is the most secure step to access MFA, on par with the global average of 33%. Sixty-three percent of UK respondents strongly agree that their security posture would be stronger if they were required to adopt biometrics, versus the global average of 60%.
- Passwords are still a big part of organisational security – 83% of organisations globally use password-only authentication for at least some IT resources compared to 77% of UK respondents.
- Organisations are looking to make passwordless authentication more secure – 83% say they also require employees to use MFA to access all IT resources, compared to 75% of UK respondents.
- On average employees need to manage three to five passwords – India respondents use a higher percentage of multiple passwords than the other two regions, with UK respondents tending to use a lower number of passwords.
- Managed service providers (MSPs) continue to be a go-to resource for organisations globally – 87% rely on an MSP for some features, virtually the same as the 90% who reported this in Q2 2023. Sixty-two percent of UK respondents are using an MSP to some extent within their IT programme, which is higher than the last report (57%). Nineteen percent don’t work with an MSP and 18% reported they are considering working with one, whereas this was 30% of respondents in Q2 2023.