A lack of resources and talent leaves UK SMEs dangerously exposed

In the last few years, we have witnessed some of the most seismic changes to the IT security landscape -- from global pandemics and geopolitical issues to a global energy crisis, growing cybersecurity threats, multiple country elections, and subdued economic conditions. But regardless of stretched IT and cybersecurity budgets, and a significant IT skills shortage, threat actors continue to innovate as cyber threats evolve at breakneck speed. Organizations have no choice but to defend themselves.

Today, cyberattacks are increasingly targeting small to medium-sized enterprises (SMEs), according to JumpCloud’s latest Q3 2024 SME IT Trends Report. Forty-four percent of UK SMEs have been victims of cybersecurity attacks. Nearly two-thirds (60 percent) report multiple attacks in 2024. Smaller organizations often lack the manpower of larger corporations, with nearly half (48 percent) of UK survey respondents claiming that despite their best efforts, they lack the resources and staff to secure their organization against cybersecurity threats. This is compounded by a lack of access to skilled cybersecurity professionals, with many SMEs having IT teams consisting of only one or two people.

The growing cybersecurity talent gap

Another common trend in 2024 is the return-to-office (RTO) mandates. However, these mandates can have negative impacts on employees and organizations, and some say they are not worth the risks to employee stability.

While such mandates may be intended to boost morale and productivity, this approach is at odds with what modern workers are looking for. Contrary to the boardroom’s view, a significant portion of the workforce is not eager to give up the flexibility they’ve experienced in the last few years. Furthermore, if corporate leaders begin rewarding employees for simply being present in the office, they risk narrowing the talent pool, which will further exacerbate the skills shortage problem.

The ongoing skills gaps within IT teams are causing organizations to frantically seek professionals who have deep cybersecurity knowledge and the necessary certifications. As artificial intelligence (AI) and machine learning (ML) add a new dimension to the threat landscape, the demand for these cybersecurity experts is already outstripping supply. The only way to address this is for organizations to adopt a proactive stance, driving investment in training and talent acquisition -- but this isn’t an overnight fix.

The absence of skilled IT and cybersecurity personnel in SMEs can lead to inadequate defense. Without experts to implement and manage robust security measures, SMEs are more susceptible to breaches. A lack of hands-on expertise can result in slower detection and response times, with vulnerabilities lurking in systems longer than they should. Additionally, meeting growing regulatory requirements becomes more challenging without the necessary knowledge and skills.

Spending challenges

In our survey, 36 percent of respondents stated that the biggest challenge to their IT team was the increased work burden. Unfortunately, more than a quarter (28 percent) said they believe their organization will cut spending in the next year. This will further compound the issue, with 69 percent of UK respondents agreeing that cuts to the budget will increase organizational risk. To add to the issue, nearly a third (31 percent) of UK organizations have gone through layoffs in the last six months, and nearly half of UK SMEs expect layoffs in the next six months.

This conservative view on investment means that the old playbook is obsolete, and SMEs must adapt to deal with the changing landscape or risk falling behind. So, what strategies should they put in place to mitigate the talent shortage?

As mentioned above, they can invest in training and development to upskill the current workforce. In tandem, they can also explore partnerships and collaborations, working with educational and industry institutions to help develop a pipeline of talent. But this will take time and still leave the IT environment vulnerable to attacks. To address immediate risks while building long-term solutions, they could explore outsourcing and managed services. Utilizing MSPs can offer SMEs specialized skills and resources if they are struggling to secure in-house expertise. Indeed, our survey found that SMEs are deepening their ties with MSPs for IT solutions and support. Over half (51 percent) are using MSPs for internal team support, and two-thirds say they plan to increase their investment in the next 12 months.

They can also use automation and adopt advanced security technologies that incorporate automation and AI to bridge the gap by reducing reliance on human intervention. Although there were some concerns in our survey about AI replacing humans, three-quarters (75 percent) of respondents said that AI would be a net positive for their organization.

External and internal pressures are taking their toll

Recently, Gartner has highlighted that nearly half of cybersecurity leaders will change jobs by 2025, with half of those pursuing different careers entirely due to workplace stress. There is no doubt that these external and internal pressures are taking their toll.

IT teams are the engines that power and protect SME businesses. Their role and value cannot be overstated. The person who manages an organization’s IT admin requirements in our modern hybrid world, from onboarding to identity management and access control, is critical to the health of the business. This is perhaps where organizations need to invest in tools and solutions that are designed to reduce the burden on IT teams.

By focusing on making identity and access management (IAM) seamless and integrating it into the workflow, IT teams can work on more critical tasks rather than constantly putting out fires. IAM systems often have self-service portals where users can manage their requests, improving user satisfaction, and reducing help desk workloads. Additionally, IAM enables secure remote access, ensuring remote and hybrid employees can access corporate resources from anywhere, supporting the current hybrid work environment.

This may be why 32 percent of our UK survey respondents stated that they are planning to invest in IAM in the next six months. The implementation of IAM means organizations can better manage identities and access, significantly reducing the risk of cyber threats and ensuring a secure and efficient operational environment.

Navigating an evolving world

Automating these processes reduces the admin burden on IT staff. More importantly, we can keep our valued IT admin experts in the industry. The talent shortage poses a significant threat to SMEs, leaving them vulnerable to increasingly sophisticated cyber threats. By adopting strategic measures such as training, collaboration and partnerships, outsourcing, and automation, SMEs can enhance their cybersecurity posture and mitigate risks associated with the skills gap.

Image Credit: Tang90246 / Dreamstime.com

Sean Gill is Head of Sales, Europe at JumpCloud.