Small and medium businesses struggle with cybersecurity in the face of growing threats

• More than half of SMBs are aware of having been victims of cybercrime
• 38% believe they have urgent cybersecurity gaps to address
• 64% intend to increase their spending on cybersecurity in 2025

LONDON – 13 February 2025 – Small and medium-sized businesses (SMBs) face multiple challenges with securing their operations against cyberattacks that are becoming more sophisticated and vicious, according to a report by telecom and technology advisory company STL Partners. The research is based on a recent survey of 826 IT decision-makers in SMBs, conducted across seven advanced markets in Western Europe, North America and Australia.

“AI allows cybercriminals to orchestrate sophisticated, targeted attacks with little effort while SMBs, the backbone of the economy, have limited internal resources to counter them”, notes Marina Koytcheva, research director at STL Partners.

The research shows that 48% of small and medium companies’ cybersecurity is managed by a non-expert.

“This is not to say that cybersecurity is regarded as unimportant by business owners and managers; quite the contrary: it is a priority in more than 90% of these companies”, explains Nicola Warren, senior analyst at STL Partners. This shouldn’t be a surprise: 58% of SMBs are aware that they have been a victim of cybercrime, leading to loss of time, money and data. In addition, almost two in three SMBs serve clients that require certain cybersecurity assurances.

But cybersecurity comes at a cost – and for many small and medium companies, it makes up a very significant proportion of their spending on technology products, services and solutions: 39% on average. However, cost is not the only challenge for SMBs that want to be cybersecure. Employees’ lack of cybersecurity awareness and appreciation of the risks, as well as careless use of personal and company devices are among the biggest cybersecurity worries that prey on the minds of IT and business managers.

All this adds up to an expectation among 64% of SMBs that their spending on cybersecurity will increase in 2025, with 24% projecting the increase to be in excess of 10 percent.

Source: STL Partners

“One of the main learnings from our survey is that SMBs should not be treated as a homogenous group: their knowledge of cybersecurity varies greatly, as does their preference for the suppliers they use, the packages they opt for, their desired level of external management of cybersecurity and their perceived needs for bespoke products,” continues Warren. When it comes to buying cybersecurity, quality of service and pricing are the top selection criteria for SMBs, reflecting their cost consciousness and time constraints as well as lack of expertise. Solution providers will also need to help SMBs with securing the human element: employee knowledge, awareness and preparedness to recognise malicious attacks.

“While SMBs are not an easy customer segment to serve, the growing market for cybersecurity provides space for solution providers of all types to build share: cyber specialists, IT companies, telcos. Those that manage to address the needs of the various subsegments of SMBs can enjoy loyalty and opportunity to cross-sell other services such as connectivity”, concludes Koytcheva.

Discover more insights from the survey by downloading a summary here.

For media enquiries, click here to get in touch with our team.

STL Partners is a leading research and consulting company that focuses on the telecom industry and adjacent markets by supporting telcos and their partners innovate, grow, and stay ahead of the competition. We are now expanding into cybersecurity research to help telcos navigate emerging threats and opportunities.